Cisco FireSIGHT Management Center Certificate Validation Vulnerability
4 Feb. 2016
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 220.127.116.11 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code.
The information has been provided by Cisco.
* Cisco FireSIGHT Management Center (MC) 5.2 through 18.104.22.168
A vulnerability in the rule update functionality of Cisco FireSIGHT Management Center (MC) could allow an unauthenticated, remote attacker to manipulate the content of the rule update packages and execute arbitrary code on the system. The vulnerability is due to lack of certificate validation during the HTTPS connection toward support.sourcefire.com to download the rule update package. An attacker could exploit this vulnerability by performing a man-in-the-middle attack (such as DNS hijacking) to enable manipulation of the rule update package content. An exploit could allow the attacker to execute arbitrary code on the system with the privileges of the web server.
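The missing check described above can be expressed as a client-side audit that refuses to download over a TLS context that does not validate the server. This is an added example, not Cisco's code: the function names are hypothetical, and Python's `ssl` and `http.client` modules stand in for whatever HTTPS client the product uses.

```python
import http.client
import ssl


def insecure_context():
    """Flawed pattern: TLS is used, but the peer certificate is never validated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate, including a spoofed one
    return ctx


def validating_context():
    """Corrected pattern: verify the chain against system CAs and match the hostname."""
    return ssl.create_default_context()


def audit_context(ctx):
    """Return a list of validation gaps in a client SSLContext (empty list = OK)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked")
    return findings


def fetch_rule_update(host, path, ctx):
    """Download an update package, refusing to connect over a non-validating context.

    host and path are supplied by the caller; nothing here is taken from the product.
    """
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing update download: " + "; ".join(findings))
    conn = http.client.HTTPSConnection(host, context=ctx, timeout=10)
    try:
        conn.request("GET", path)
        return conn.getresponse().read()
    finally:
        conn.close()


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()),
                      ("validating", validating_context())):
        print(name, "->", audit_context(ctx) or "OK")
```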