CVE-2016-6460
Severity CVSS v4.0: Pending analysis
Type: CWE-254 Security Features
Publication date: 19/11/2016
Last modified: 12/04/2025
Description
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0.
Impact
Base Score 3.x: 7.50
Severity 3.x: HIGH
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:firesight_system_software:5.4.0.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:cisco:firesight_system_software:5.4.1.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:cisco:firesight_system_software:5.4.1.6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:cisco:firesight_system_software:6.0.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:cisco:firesight_system_software:6.1.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:cisco:firesight_system_software:6.2.0:*:*:*:*:*:*:* | | |



