SB2018071309 - Security restrictions bypass in Cisco FireSIGHT




Published: July 13, 2018

Security Bulletin ID: SB2018071309
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2018-0384)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in the detection engine due to an error in the handling of TCP packets that are received out of order when a TCP SYN retransmission is issued. A remote attacker can send a maliciously crafted connection and bypass a URL-based access control policy that is configured to block traffic for the affected system.


2) Improper input validation (CVE-ID: CVE-2018-0383)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in the detection engine due to an error in the handling of FTP control connections. A remote attacker can send a maliciously crafted FTP connection to transfer a file to an affected device and bypass a file policy that is configured to apply the "Block upload with reset" action to FTP traffic.


Remediation

Install the update from the vendor's website.