CiscoCISCO-SA-20161207-FPWRCisco FirePOWER Malware Protection Bypass Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
Percentile
43.0%
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.
The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software.
Workarounds that address this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr”]
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | firepower_threat_defense_software | 6.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.3 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.3:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.4 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.4:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.1 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.1:*:*:*:*:*:*:* |
| cisco | firepower_services_software_for_asa | any | cpe:2.3:a:cisco:firepower_services_software_for_asa:any:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.0.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.0.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.0.1 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.0.1:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.3.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.3.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 5.4.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:5.4.0:*:*:*:*:*:*:* |
| cisco | firepower_threat_defense_software | 6.1.0 | cpe:2.3:a:cisco:firepower_threat_defense_software:6.1.0:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
Percentile
43.0%