CVE-2015-6427
First published: Fri Dec 18 2015(Updated: )
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FireSIGHT System Software | =5.3.0 | |
| Cisco FireSIGHT System Software | =5.3.0.1 | |
| Cisco FireSIGHT System Software | =5.3.0.2 | |
| Cisco FireSIGHT System Software | =5.3.1 | |
| Cisco FireSIGHT System Software | =5.3.1.1 | |
| Cisco FireSIGHT System Software | =5.3.1.2 | |
| Cisco FireSIGHT System Software | =5.3.1.3 | |
| Cisco FireSIGHT System Software | =5.3.1.4 | |
| Cisco FireSIGHT System Software | =5.3.1.5 | |
| Cisco FireSIGHT System Software | =5.3.1.7 | |
| Cisco FireSIGHT System Software | =5.4.0 | |
| Cisco FireSIGHT System Software | =5.4.0.1 | |
| Cisco FireSIGHT System Software | =5.4.0.4 | |
| Cisco FireSIGHT System Software | =5.4.1 | |
| Cisco FireSIGHT System Software | =5.4.1.2 | |
| Cisco FireSIGHT System Software | =5.4.1.3 | |
| Cisco FireSIGHT System Software | =5.4.1.4 | |
| Cisco FireSIGHT System Software | =6.0.0 | |
| Cisco FireSIGHT System Software | =6.0.0.1 | |
| Cisco FireSIGHT System Software | =6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6427?
The severity of CVE-2015-6427 is classified as high due to the potential for remote exploitation.
How do I fix CVE-2015-6427?
To fix CVE-2015-6427, upgrade your Cisco FireSIGHT Management Center to a version that is not affected, such as version 6.0.1 or later.
What are the affected versions for CVE-2015-6427?
CVE-2015-6427 affects Cisco FireSIGHT System Software versions 5.3.0 through 6.0.0.
What impact does CVE-2015-6427 have on security?
CVE-2015-6427 allows attackers to bypass HTTP attack detection, potentially leading to undetected malicious activities.
Is there a workaround for CVE-2015-6427?
There are no recognized workarounds for CVE-2015-6427; updating to a secure version is recommended.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco firesight system software
- version/cisco firesight system software/5.3.0
- version/cisco firesight system software/5.3.0.1
- version/cisco firesight system software/5.3.0.2
- version/cisco firesight system software/5.3.1
- version/cisco firesight system software/5.3.1.1
- version/cisco firesight system software/5.3.1.2
- version/cisco firesight system software/5.3.1.3
- version/cisco firesight system software/5.3.1.4
- version/cisco firesight system software/5.3.1.5
- version/cisco firesight system software/5.3.1.7
- version/cisco firesight system software/5.4.0
- version/cisco firesight system software/5.4.0.1
- version/cisco firesight system software/5.4.0.4
- version/cisco firesight system software/5.4.1
- version/cisco firesight system software/5.4.1.2
- version/cisco firesight system software/5.4.1.3
- version/cisco firesight system software/5.4.1.4
- version/cisco firesight system software/6.0.0
- version/cisco firesight system software/6.0.0.1
- version/cisco firesight system software/6.0.1