Guest

Preview Tool

Cisco Bug: CSCvh84511 - Cisco FireSIGHT System URL-based Access Control Policy Bypass Vulnerability

Last Modified

Oct 11, 2018

Products (32)

  • Cisco Firepower Management Center
  • Cisco Firepower Management Center 2500
  • Cisco FirePOWER Appliance 8360
  • Cisco FirePOWER Appliance 8260
  • Cisco FirePOWER Appliance 8120
  • Cisco FirePOWER Appliance 7050
  • Cisco FirePOWER Appliance 8130
  • Cisco AMP 8150
  • Cisco FirePOWER Appliance 8140
  • Cisco FirePOWER Appliance 8350
View all products in Bug Search Tool Login Required

Known Affected Releases

6.0.0 6.1.0 6.2.0 6.2.1 6.2.2

Description (partial)

Symptom:
A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated,
remote attacker to bypass a configured URL based Access Control (AC) policy to block traffic.
 
The vulnerability is due to the incorrect handling of TCP  packets received out of order when TCP SYN retransmission is issued. An attacker
could exploit this vulnerability by sending a crafted  connection through affected device. An exploit could allow the attacker to bypass a
configured URL AC policy to block traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-url-bypass

Conditions:
Please refer to Security Advisory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.