Vulnerability identifier: #VU21628
Vulnerability risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Cisco Firepower Management Center
Software category: Client/Desktop applications / Antivirus software/Personal firewalls
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass the file and malware inspection policies on an affected system.
The vulnerability exists in the file and malware inspection feature due to insufficient validation of incoming traffic. A remote attacker can send a specially crafted HTTP request, bypass the file and malware inspection policies and send malicious traffic through the affected device.
Mitigation
Install updates from the vendor's website. The vulnerability is fixed in the Cisco VDB Fingerprint Database release 327.
Vulnerable software versions
Cisco Firepower Management Center: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fire-bypass
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.