Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6460

A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.

Published

2016-11-19T03:03:03.537

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-254

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	firesight_system_software	5.4.0.2	Yes
Application	cisco	firesight_system_software	5.4.1.1	Yes
Application	cisco	firesight_system_software	5.4.1.6	Yes
Application	cisco	firesight_system_software	6.0.0	Yes
Application	cisco	firesight_system_software	6.1.0	Yes
Application	cisco	firesight_system_software	6.2.0	Yes

References

http://www.securityfocus.com/bid/94359 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/94359 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)