CVE-2016-1345

{"id": "CVE-2016-1345", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-04-01T00:59:00.113", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1035437", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1035438", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1035439", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."}, {"lang": "es", "value": "Cisco FireSIGHT System Software 5.4.0 hasta la versi\u00f3n 6.0.1 y ASA con FirePOWER Services 5.4.0 hasta la versi\u00f3n 6.0.0.1 permiten a atacantes remotos eludir la protecci\u00f3n de malware a trav\u00e9s de campos manipulados en cabeceras HTTP, tambi\u00e9n conocida como Bug ID CSCux22726."}], "lastModified": "2016-12-03T03:20:28.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8C72F82-238A-496E-9B01-F545889DE972"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AB63124-15FC-434A-9BC3-B8072BB74DD4"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC9D5C8-A2F7-4A4D-9672-BA92D3F70299"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3162DAB2-0866-4427-9B6D-58B025DFD0F0"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C51E5901-A395-4208-B642-4DD23A6B63A2"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B6488E2-4B6A-4C93-A9CF-AA32013A1605"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:5.4.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08314129-10D6-421C-AEE1-348460EBDD0C"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2239F826-AAFA-4354-9BED-2C33AEF983D8"}, {"criteria": "cpe:2.3:a:cisco:asa_with_firepower_services:6.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0275E2F5-30EF-4D0D-A0CC-BFEB0B97E378"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EB13B96-D431-49BD-ADAB-9AE5DB559935"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79AECC9E-657F-4BFF-B640-B96CD1384647"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2424A93-0C9D-4839-9773-EBFD143F6240"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C27E220F-160C-4706-9516-27889F7B37E2"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CB0484C-F0B7-4349-856E-194E97A7F8A6"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD5721D-8F28-4A7C-B2BE-97CE796B208A"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85DEC2B7-2142-4959-817F-2F9B3AA82660"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7DC251B-1CA8-4232-A900-885933E01FB1"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD0DF530-4865-45A1-87CA-6ED6026A56A6"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7335266F-B16F-4EFB-B1D2-1F61B3EBB437"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:5.4.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13BF9C6F-B511-444B-B6B7-960DF8758964"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D52DB0-4441-41C9-900E-DE917B0CBC91"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D032900-6B00-4F4D-A2F7-6119F113675F"}, {"criteria": "cpe:2.3:a:cisco:firesight_system_software:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC5565FE-174C-41C7-9462-9138BB31507D"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}