CVE-2016-1345: Input Validation
First published: Fri Apr 01 2016(Updated: )
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco ASA FirePOWER | =5.4.0 | |
| Cisco ASA FirePOWER | =5.4.0.1 | |
| Cisco ASA FirePOWER | =5.4.0.2 | |
| Cisco ASA FirePOWER | =5.4.0.3 | |
| Cisco ASA FirePOWER | =5.4.0.4 | |
| Cisco ASA FirePOWER | =5.4.0.5 | |
| Cisco ASA FirePOWER | =5.4.0.6 | |
| Cisco ASA FirePOWER | =6.0.0 | |
| Cisco ASA FirePOWER | =6.0.0.1 | |
| Cisco FireSIGHT System Software | =5.4.0 | |
| Cisco FireSIGHT System Software | =5.4.0.1 | |
| Cisco FireSIGHT System Software | =5.4.0.2 | |
| Cisco FireSIGHT System Software | =5.4.0.3 | |
| Cisco FireSIGHT System Software | =5.4.0.4 | |
| Cisco FireSIGHT System Software | =5.4.0.5 | |
| Cisco FireSIGHT System Software | =5.4.0.6 | |
| Cisco FireSIGHT System Software | =5.4.1 | |
| Cisco FireSIGHT System Software | =5.4.1.2 | |
| Cisco FireSIGHT System Software | =5.4.1.3 | |
| Cisco FireSIGHT System Software | =5.4.1.4 | |
| Cisco FireSIGHT System Software | =6.0.0 | |
| Cisco FireSIGHT System Software | =6.0.0.1 | |
| Cisco FireSIGHT System Software | =6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1345?
CVE-2016-1345 is rated as a high severity vulnerability due to its potential to allow remote attackers to bypass malware protection.
How do I fix CVE-2016-1345?
To fix CVE-2016-1345, update Cisco FireSIGHT System Software to version 6.0.1 or later and ASA with FirePOWER Services to version 6.0.0.1 or later.
Which Cisco products are affected by CVE-2016-1345?
CVE-2016-1345 affects Cisco FireSIGHT System Software versions 5.4.0 to 6.0.1 and ASA with FirePOWER Services versions 5.4.0 to 6.0.0.1.
What does CVE-2016-1345 exploit?
CVE-2016-1345 exploits crafted fields in HTTP headers to bypass malware protection mechanisms.
Is CVE-2016-1345 being actively exploited?
As of the last report, there have been no indications that CVE-2016-1345 is being actively exploited in the wild.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco asa firepower
- version/cisco asa firepower/5.4.0
- version/cisco asa firepower/5.4.0.1
- version/cisco asa firepower/5.4.0.2
- version/cisco asa firepower/5.4.0.3
- version/cisco asa firepower/5.4.0.4
- version/cisco asa firepower/5.4.0.5
- version/cisco asa firepower/5.4.0.6
- version/cisco asa firepower/6.0.0
- version/cisco asa firepower/6.0.0.1
- canonical/cisco firesight system software
- version/cisco firesight system software/5.4.0
- version/cisco firesight system software/5.4.0.1
- version/cisco firesight system software/5.4.0.2
- version/cisco firesight system software/5.4.0.3
- version/cisco firesight system software/5.4.0.4
- version/cisco firesight system software/5.4.0.5
- version/cisco firesight system software/5.4.0.6
- version/cisco firesight system software/5.4.1
- version/cisco firesight system software/5.4.1.2
- version/cisco firesight system software/5.4.1.3
- version/cisco firesight system software/5.4.1.4
- version/cisco firesight system software/6.0.0
- version/cisco firesight system software/6.0.0.1
- version/cisco firesight system software/6.0.1