SB2018050708 - Multiple vulnerabilities in Cisco Firepower

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2018-0281)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the detection engine due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup. A remote attacker can send a specially crafted TLS connection setup request and cause the service to crash.

2) Information disclosure (CVE-ID: CVE-2018-0278)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the management console due to improper cross-origin domain protections for the WebSocket protocol. A remote attacker can trick the victim into visiting a malicious website designed to send requests while the user is logged into the application with an active session cookie and retrieve policy or configuration information.

3) Improper input validation (CVE-ID: CVE-2018-0283)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the detection engine due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup. A remote attacker can send specially crafted TLS traffic and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp