CVE-2015-6427

Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
ciscofiresight_system_software
5.3.0
ciscofiresight_system_software
5.3.0.1
ciscofiresight_system_software
5.3.0.2
ciscofiresight_system_software
5.3.1
ciscofiresight_system_software
5.3.1.1
ciscofiresight_system_software
5.3.1.2
ciscofiresight_system_software
5.3.1.3
ciscofiresight_system_software
5.3.1.4
ciscofiresight_system_software
5.3.1.5
ciscofiresight_system_software
5.3.1.7
ciscofiresight_system_software
5.4.0
ciscofiresight_system_software
5.4.0.1
ciscofiresight_system_software
5.4.0.4
ciscofiresight_system_software
5.4.1
ciscofiresight_system_software
5.4.1.2
ciscofiresight_system_software
5.4.1.3
ciscofiresight_system_software
5.4.1.4
ciscofiresight_system_software
6.0.0
ciscofiresight_system_software
6.0.0.1
ciscofiresight_system_software
6.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
http://www.securitytracker.com/id/1034488
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
http://www.securitytracker.com/id/1034488