CVE-2015-6427

EUVD-2015-6368
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
ciscofiresight_system_software
5.3.0
ciscofiresight_system_software
5.3.0.1
ciscofiresight_system_software
5.3.0.2
ciscofiresight_system_software
5.3.1
ciscofiresight_system_software
5.3.1.1
ciscofiresight_system_software
5.3.1.2
ciscofiresight_system_software
5.3.1.3
ciscofiresight_system_software
5.3.1.4
ciscofiresight_system_software
5.3.1.5
ciscofiresight_system_software
5.3.1.7
ciscofiresight_system_software
5.4.0
ciscofiresight_system_software
5.4.0.1
ciscofiresight_system_software
5.4.0.4
ciscofiresight_system_software
5.4.1
ciscofiresight_system_software
5.4.1.2
ciscofiresight_system_software
5.4.1.3
ciscofiresight_system_software
5.4.1.4
ciscofiresight_system_software
6.0.0
ciscofiresight_system_software
6.0.0.1
ciscofiresight_system_software
6.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
http://www.securitytracker.com/id/1034488
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm
http://www.securitytracker.com/id/1034488