CVE-2015-6357

Cisco FireSIGHT Management Center Certificate Validation

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

La funcionalidad de actualización de reglas en Cisco FireSIGHT Management Center (MC) 5.2 hasta la versión 5.4.0.1 no verifica el certificado X.509 del servidor SSL support.sourcefire.com, lo que permite a atacantes man-in-the-middle suplantar éste servidor y proveer un paquete invalido, y consecuentemente ejecutar código arbitrario, a través de un certificado manipulado, también conocida como Bug ID CSCuw06444.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-08-17 CVE Reserved
2015-11-17 CVE Published
2024-07-25 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (6)

URL	Tag	Source
http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.html	X_refsource_misc
http://seclists.org/fulldisclosure/2015/Nov/79	Mailing List
http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html	X_refsource_misc
http://www.securityfocus.com/archive/1/536913/100/0/threaded	Mailing List
http://www.securitytracker.com/id/1034161	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc	2018-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Firesight System Software Search vendor "Cisco" for product "Firesight System Software"				5.2.0 Search vendor "Cisco" for product "Firesight System Software" and version "5.2.0"		-		Affected
Cisco Search vendor "Cisco"		Firesight System Software Search vendor "Cisco" for product "Firesight System Software"				5.3.0 Search vendor "Cisco" for product "Firesight System Software" and version "5.3.0"		-		Affected
Cisco Search vendor "Cisco"		Firesight System Software Search vendor "Cisco" for product "Firesight System Software"				5.3.1.1 Search vendor "Cisco" for product "Firesight System Software" and version "5.3.1.1"		-		Affected
Cisco Search vendor "Cisco"		Firesight System Software Search vendor "Cisco" for product "Firesight System Software"				5.3.1.2 Search vendor "Cisco" for product "Firesight System Software" and version "5.3.1.2"		-		Affected
Cisco Search vendor "Cisco"		Firesight System Software Search vendor "Cisco" for product "Firesight System Software"				5.3.1.5 Search vendor "Cisco" for product "Firesight System Software" and version "5.3.1.5"		-		Affected
Cisco Search vendor "Cisco"		Firesight System Software Search vendor "Cisco" for product "Firesight System Software"				5.4.0 Search vendor "Cisco" for product "Firesight System Software" and version "5.4.0"		-		Affected
Cisco Search vendor "Cisco"		Firesight System Software Search vendor "Cisco" for product "Firesight System Software"				5.4.0.1 Search vendor "Cisco" for product "Firesight System Software" and version "5.4.0.1"		-		Affected