Bypass Vulnerability in Cisco Firepower System Software
CVE-2018-0243

5.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Firepower System Software
Vendor: CVE Published:; 19 April 2018

Summary

A vulnerability in Cisco Firepower System Software's detection engine may allow unauthorized remote attackers to bypass file action policies designed to block Server Message Block versions 2 and 3 (SMB2/SMB3) when malware is detected. The flaw arises from an incorrect detection mechanism regarding the total file length of SMB2 or SMB3 transfers. Attackers can exploit this vulnerability by sending specifically crafted SMB2 or SMB3 requests that escape the configured file action policies, potentially allowing the transfer of malicious files despite prior blocking configurations. Notably, this issue does not affect SMB Version 1.

Affected Version(s)

Cisco Firepower System Software Cisco Firepower System Software

References

http://www.securityfocus.com/bid/103943

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Nov 27, 2017