Cisco is releasing security updates to fix a critical vulnerability (CVE-2016-1345) that affects one of its newest products, the FirePower firewall. The flaw was discovered by security researchers at Check Point Security.
According to the security advisory published by Cisco, an attacker can remotely exploit the flaw to allow malware to bypass the detection measures implemented by the FirePower firewall.
“A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.” states the advisory.
The vulnerability is related to improper input validation of fields in HTTP headers. An attacker can remotely exploit the flaw by sending a specially crafted HTTP request to a vulnerable system.
“A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.” continues the advisory.
Cisco ranked the vulnerability as “high severity” so it has promptly released the security updates that solve the issue in Cisco Firepower System Software 188.8.131.52 and later, 184.108.40.206 and later and 6.0.1 and later.
Cisco confirmed that Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products is vulnerable:
[Image: Impacted Cisco hardware]
At the time of writing, there is no news of systems compromised by exploiting the vulnerability.
A simple way to discover whether a system is affected by the vulnerability is to check the Cisco configuration (Policies > Access Control > Malware and File): if the policy is set to “Block Files, Block Malware, or Detect Files”, the system is vulnerable.
The vulnerability also impacts versions 220.127.116.11 and later of the Snort open source network-based intrusion detection system; users can download the updates from its official website.
(Security Affairs – Cisco FirePower firewall, hacking)