How severe is CVE-2016-9209?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2016-9209?

This is classified as CWE-254, which is a common weakness in software security.

CVE-2016-9209

MEDIUM Year: 2016

CVSS v3 Score

4.3

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-254

View all →

Vulnerability Description

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10.

CVE-2015-5331

MEDIUM

CVSS:4.3(Medium)

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct s...

CWE-2542015

CVE-2015-7976

MEDIUM

CVSS:4.3(Medium)

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a cr...

CWE-2542015

CVE-2016-10148

MEDIUM

CVSS:4.3(Medium)

The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authent...

CWE-2542016

CVE-2016-1616

MEDIUM

CVSS:4.3(Medium)

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused...

CWE-2542016

CVE-2016-1657

MEDIUM

CVSS:4.3(Medium)

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which ...

CWE-2542016

CVE-2016-1664

MEDIUM

CVSS:4.3(Medium)

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other...

CWE-2542016

CVE-2016-9209

Vulnerability Description

Related Vulnerabilities

CVE-2015-5331

CVE-2015-7976

CVE-2016-10148

CVE-2016-1616

CVE-2016-1657

CVE-2016-1664