Multiple vulnerabilities in Cisco Firepower



Published: 2018-05-07
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2018-0281
CVE-2018-0278
CVE-2018-0283
CWE-ID CWE-20
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco Firepower Management Center
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU12383

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0281

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the detection engine due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup. A remote attacker can send a specially crafted TLS connection setup request and cause the service to crash.

Mitigation

Update to versions 6.2.3 or 6.2.2.2.

Vulnerable software versions

Cisco Firepower Management Center: 6.1.0 - 6.2.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU12384

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0278

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the management console due to improper cross-origin domain protections for the WebSocket protocol. A remote attacker can trick the victim into visiting a malicious website designed to send requests while the user is logged into the application with an active session cookie and retrieve policy or configuration information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco Firepower Management Center: 6.1.0 - 6.2.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU12385

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0283

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the detection engine due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup. A remote attacker can send specially crafted TLS traffic and cause the service to crash.


Mitigation

Update to version 6.2.2.2.

Vulnerable software versions

Cisco Firepower Management Center: 6.1.0 - 6.2.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###