Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2018-0254 CVE-2018-0244 CVE-2018-0243 CVE-2018-0233 CVE-2018-0272 |
CWE-ID | CWE-693 CWE-400 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco Firepower Management Center (Client/Desktop applications / Antivirus software/Personal firewalls) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU12072
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0254
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in the detection engine due to incorrect counting of the percentage of dropped traffic. A remote attacker can send network traffic and bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured.
Update to versions 6.2.0.4, 6.1.0.6, 6.2.3 or 6.2.2.2.
Vulnerable software versions
Cisco Firepower Management Center: 6.1.0.5 - 6.2.2
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12073
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0244
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in the detection engine due to how the SMB protocol handles a case in which a large file transfer fails when some pieces of the file are successfully transferred to the remote endpoint, but ultimately the file transfer fails and is reset. A remote attacker can send a specially crafted SMB file transfer request and bypass a configured file action policy that is intended to drop the Server Message Block (SMB) protocol if a malware file is detected.
Update to version 6.2.3.
Vulnerable software versions
Cisco Firepower Management Center: 6.2.0 - 6.2.2
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12074
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0243
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists in the detection engine due to incorrect detection of an SMB2 or SMB3 file based on the total file length. A remote attacker can send a specially crafted SMB2 or SMB3 transfer request and bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected.
Update to versions 6.2.3, 6.2.2.2 or 6.2.0.5.
Vulnerable software versions
Cisco Firepower Management Center: 6.1.0 - 6.2.2.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12081
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0233
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine due to improper handling of changes to SSL connection states. A remote attacker can send specially crafted SSL connections, trigger the detection engine to consume excessive system memory and cause the service to crash.
Update to versions 6.2.1, 6.2.0.3 or 6.1.0.6.
Vulnerable software versions
Cisco Firepower Management Center: 5.4.0 - 6.2.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12083
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0272
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists due to improper error handling while processing SSL traffic. A remote attacker can send a large volume of specially crafted SSL traffic, trigger a persistent high CPU utilization condition, degrade the device performance and cause the service to crash.
Update to version 6.2.3.
Vulnerable software versions
Cisco Firepower Management Center: 6.2.1 - 6.2.2.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.