7.5

CVE-2016-6439

EPSS 0.15%
Published 27.10.2016 21:59:11
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped.

Affected products Warnungen 0 Metrics 3 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Secure Firewall Management Center Version5.3.0

Cisco ≫ Secure Firewall Management Center Version5.3.0.2

Cisco ≫ Secure Firewall Management Center Version5.3.0.3

Cisco ≫ Secure Firewall Management Center Version5.3.0.4

Cisco ≫ Secure Firewall Management Center Version5.3.1

Cisco ≫ Secure Firewall Management Center Version5.3.1.3

Cisco ≫ Secure Firewall Management Center Version5.3.1.4

Cisco ≫ Secure Firewall Management Center Version5.3.1.5

Cisco ≫ Secure Firewall Management Center Version5.3.1.6

Cisco ≫ Secure Firewall Management Center Version5.4.0

Cisco ≫ Secure Firewall Management Center Version5.4.0.2

Cisco ≫ Secure Firewall Management Center Version5.4.1

Cisco ≫ Secure Firewall Management Center Version5.4.1.1

Cisco ≫ Secure Firewall Management Center Version5.4.1.2

Cisco ≫ Secure Firewall Management Center Version5.4.1.3

Cisco ≫ Secure Firewall Management Center Version5.4.1.4

Cisco ≫ Secure Firewall Management Center Version5.4.1.5

Cisco ≫ Secure Firewall Management Center Version5.4.1.6

Cisco ≫ Secure Firewall Management Center Version5.4_base

Cisco ≫ Secure Firewall Management Center Version6.0.0

Cisco ≫ Secure Firewall Management Center Version6.0.0.0

Cisco ≫ Secure Firewall Management Center Version6.0.0.1

Cisco ≫ Secure Firewall Management Center Version6.0.1

Cisco ≫ Secure Firewall Management Center Version6.0_base

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.355

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://www.securityfocus.com/bid/93787

http://www.securitytracker.com/id/1037061

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-fpsnort

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-6439

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-6439

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-6439

EUVD