File Action Policy Bypass in Cisco Firepower System Software
CVE-2018-0244

5.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Firepower System Software
Vendor: CVE Published:; 19 April 2018

Summary

A vulnerability exists in Cisco Firepower System Software that enables remote attackers to circumvent the device's file action policy designed to block malicious Server Message Block (SMB) file transfers. This flaw arises from the software's improper handling of SMB protocol scenarios where large file transfers fail. When exploited, an attacker can successfully send a malicious SMB file transfer request that should be filtered out by the device's security measures. This scenario is especially concerning for environments that rely on efficient malware protection, as the flaw permits the passage of harmful content under certain conditions, compromising system integrity.

Affected Version(s)

Cisco Firepower System Software Cisco Firepower System Software

References

http://www.securityfocus.com/bid/103945

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Nov 27, 2017