CVE-2015-6357: CVE-2015-6357

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-6357

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco FireSIGHT Management Center 输入验证漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco FireSIGHT Management Center（MC）是美国思科（Cisco）公司的一套集中对Cisco ASA with FirePOWER Services和Cisco FirePOWER网络安全设备进行管理的管理中心软件。 Cisco FireSIGHT MC 5.2版本至5.4.0.1版本的rule-update功能中存在安全漏洞，该漏洞源于程序没有验证support.sourcefire.com SSL服务器端的X.509证书。攻击者可借助特制的证书利用该漏洞实施中间人攻击，

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2015-6357

#	POC Description	Source Link	Shenlong Link
1	Exploit for CVE-2015-6357 Cisco FireSIGHT Management Center Certificate Validation Vulnerability	https://github.com/mattimustang/firepwner	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2015-6357

Please Login to view more intelligence information

http://packetstormsecurity.com/files/134390/Cisco-FireSIGHT-Management-Center-Certificate-Validation.htmlx_refsource_MISC
🔗 http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.htmlx_refsource_MISC
http://www.securitytracker.com/id/1034161vdb-entryx_refsource_SECTRACK
🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmcvendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/archive/1/536913/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2015/Nov/79mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2015-6357

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2015-6357

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2015-6357

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2015-6357

III. Intelligence Information for CVE-2015-6357

New Vulnerabilities

V. Comments for CVE-2015-6357

Leave a comment