Vulnerability identifier: #VU27583

Vulnerability risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-3285

CWE-ID: CWE-693

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic error with Snort handling of the connection with the Transport Layer Security (version 1.3) policy and URL category configuration. A remote attacker can send a specially crafted TLS connections to an affected device, bypass the TLS policy and access URLs that are outside the affected device and normally would be dropped.

Mitigation
Vendor recommends to update the Cisco FTD Software Release to version 6.4.0.9, scheduled for May 2020.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.4.0 - 6.4.0.8

---

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-bypass-O5tGum2n

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.