SB2018042308 - Multiple vulnerabilities in Cisco Firepower Management Center
Published: April 23, 2018 Updated: April 23, 2018
Description
This security bulletin contains information about five security vulnerabilities.
1) Protection mechanism failure (CVE-ID: CVE-2018-0254)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system. The weakness exists in the detection engine due to incorrect counting of the percentage of dropped traffic. A remote attacker can send network traffic and bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured.
2) Protection mechanism failure (CVE-ID: CVE-2018-0244)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system. The weakness exists in the detection engine due to how the SMB protocol handles a large file transfer that partially succeeds: some pieces of the file are transferred to the remote endpoint before the transfer ultimately fails and is reset. A remote attacker can send a specially crafted SMB file transfer request and bypass a configured file action policy that is intended to drop Server Message Block (SMB) traffic when a malware file is detected.
3) Protection mechanism failure (CVE-ID: CVE-2018-0243)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system. The weakness exists in the detection engine due to incorrect detection of an SMB2 or SMB3 file based on the total file length. A remote attacker can send a specially crafted SMB2 or SMB3 transfer request and bypass a configured file action policy that is intended to drop Server Message Block Version 2 (SMB2) and Version 3 (SMB3) traffic when malware is detected.
4) Resource exhaustion (CVE-ID: CVE-2018-0233)
The vulnerability allows a remote unauthenticated attacker to cause a denial of service (DoS) condition on the target system. The weakness exists in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine due to improper handling of changes to SSL connection states. A remote attacker can send specially crafted SSL connections, cause the detection engine to consume excessive system memory and crash the service.
5) Resource exhaustion (CVE-ID: CVE-2018-0272)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists due to improper error handling while processing SSL traffic. A remote attacker can send a large volume of specially crafted SSL traffic, trigger a persistent high CPU utilization condition, degrade device performance and cause the service to crash.
Remediation
Install the updates from the vendor's website (see the Cisco advisories listed under References).
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower