Security restrictions bypass in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2018-0138
Published: February 8, 2018
Vulnerability identifier: #VU10410
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0138
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in the detection engine of Cisco Firepower System Software due to the affected software does not detect BitTorrent handshake messages correctly. A remote attacker can send a specially crafted BitTorrent connection request and bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol.
The weakness exists in the detection engine of Cisco Firepower System Software due to the affected software does not detect BitTorrent handshake messages correctly. A remote attacker can send a specially crafted BitTorrent connection request and bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol.
How to mitigate CVE-2018-0138
Update to version 6.1.0.6.