Cisco FireSIGHT Management Center Certificate Validation Vulnerability
|
Información sobre el sistema
|
|
|
Software afectado |
Cisco |
Descripción
|
A vulnerability in the rule update functionality of Cisco FireSIGHT Management Center (MC) could allow an unauthenticated, remote attacker to manipulate the content of the rule update packages and execute arbitrary code on the system. The vulnerability is due to lack of certificate validation during the HTTPS connection toward support.sourcefire.com to download the rule update package. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking)
More info:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FireSIGHT%20Management%20Center%20Certificate%20Validation%20Vulnerabi |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2015-6357. |