|CERT-In Vulnerability Note
Cisco FireSIGHT Management Center GET Request Information Disclosure Vulnerability
Original Issue Date:December 18, 2015
Severity Rating: MEDIUM
- Cisco FireSIGHT System Software version 4.10.3, 5.2.0, 5.3.0, 5.3.1 and 5.4.0
A vulnerability has been reported in Cisco FireSIGHT Management Center which could allow an unauthenticated remote attacker to view the sensitive information from the targeted device.
This vulnerability occurs due to improper sanitation of user-supplied input on the affected device. A remote attacker could exploit this vulnerability by sending a special crafted GET request to the affected device to view the sensitive information.
Successful exploitation of this vulnerability could allow a remote attacker to view sensitive information on the affected device.
Apply appropriate updates as mentioned in CISCO advisory
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003