Denial of service in Cisco Firepower Management



Published: 2018-07-13
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-0385
CVE-2018-0370
CWE-ID CWE-20
CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Cisco Firepower Management Center
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU13856

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0385

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the detection engine parsing of Security Socket Layer (SSL) protocol packets due to improper input handling of the SSL traffic. A remote attacker can send a specially crafted SSL traffic to the detection engine and cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped.

Mitigation

Update to version 6.2.2.4.

Vulnerable software versions

Cisco Firepower Management Center: 5.4.0 - 6.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firepwr-ssl-...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU13857

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0370

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the detection engine due to improper handling of traffic when the Secure Sockets Layer (SSL) inspection policy is enabled. A remote attacker can send malicious traffic through an affected device, increase the resource consumption of a single instance of the Snort detection engine on an affected device and cause performance degradation and eventually the restart of the affected Snort process.

Mitigation

Update to version 6.2.2.3, 6.2.3.

Vulnerable software versions

Cisco Firepower Management Center: 6.1.0.7 - 6.2.2.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firepower-do...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###