File Action Policy Bypass in Cisco Firepower System Software
CVE-2018-0244

5.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Firepower System Software
Vendor: CVE Published:; 19 April 2018

What is CVE-2018-0244?

A vulnerability exists in Cisco Firepower System Software that enables remote attackers to circumvent the device's file action policy designed to block malicious Server Message Block (SMB) file transfers. This flaw arises from the software's improper handling of SMB protocol scenarios where large file transfers fail. When exploited, an attacker can successfully send a malicious SMB file transfer request that should be filtered out by the device's security measures. This scenario is especially concerning for environments that rely on efficient malware protection, as the flaw permits the passage of harmful content under certain conditions, compromising system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Firepower System Software Cisco Firepower System Software

References

http://www.securityfocus.com/bid/103945

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Nov 27, 2017

JSON

Cisco

What is CVE-2018-0244?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.