Main Vulnerability Database SB2018060716

SB2018060716 - Security restrictions bypass in Cisco FireSIGHT

Published: June 7, 2018

Security Bulletin ID SB2018060716

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2018-0333)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in the VPN configuration management of Cisco FireSIGHT System Software due to incorrect management of the configured interface names and VPN parameters when dynamic CLI configuration changes are performed. A remote unauthenticated attacker can send specially crafted packets through an interface and bypass configured VPN policies.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-FireSIGHT-vp...