CVE-2016-6396 Information

Description

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 when certain malware blocking options are enabled allow remote attackers to bypass malware detection via crafted fields in HTTP headers aka Bug ID CSCuz44482.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1 http://www.securityfocus.com/bid/92826 http://www.securitytracker.com/id/1036756

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3