SB2018071306 - Denial of service in Cisco Firepower Management
Published: July 13, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-0385)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the detection engine parsing of Security Socket Layer (SSL) protocol packets due to improper input handling of the SSL traffic. A remote attacker can send a specially crafted SSL traffic to the detection engine and cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped.
2) Resource exhaustion (CVE-ID: CVE-2018-0370)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the detection engine due to improper handling of traffic when the Secure Sockets Layer (SSL) inspection policy is enabled. A remote attacker can send malicious traffic through an affected device, increase the resource consumption of a single instance of the Snort detection engine on an affected device and cause performance degradation and eventually the restart of the affected Snort process.
Remediation
Install update from vendor's website.