Executive Summary

Summary
Title Cisco Firepower Detection Engine IPv6 Denial of Service Vulnerability
Informations
Name cisco-sa-20171004-fpsnort First vendor Publication 2017-10-04
Vendor Cisco Last vendor Modification 2017-10-04
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly.

The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort"]

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJZ1QWHZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnxFg//YrKL+b2N3uMJH5Y1 irhUd5kXgaKFXxCxBLXTdGCaFvJRuSSCAAT2y9TwjhpZAKgAJRZrAZLegLT/EKr0 MS5dQpMTFp8ThyOiqhJYKCN9WDP8ZevEZNihbo/ySjZKpNgsoph9melb7ertmfBo tkbk0B3Q47KlqyyWg4mgjLoW5eF/bmW3pMplpoRVgm6DRmVYN5DacTmYSMJYZn/j DKV20SOMVuKOQ8evcUdY/fPerbtSegCkz1N5u+bN+3qfyLefBo1i5t0y/EkJ678z bKDwNcFGgCduS0rFPqBcmmgG/a1Tq4C9dzDH7/vSIsLVKsvUgBocs+xZAoc5tzn8 NEI1n/Su4pHGPrGFS+psATgenVhQjHCSg13nyBUXMyq9AEdzodre5ARzDzE6mU5a YcHEK3q4gljXRQE8NhnhKaOZ06ZzEA0qJLgq9I8rpp7LhySFF1Jk7UlDjZskWrX9 LTT0JKFQsabmDGIx7xxWmT/POGgzE3gDR3lWnWovuzLVexRKGhsIUDlUeYQBo1ii 4WU+7GUGo6v54cRiT1rr0qIWb36ldZKHOdvDEPreFW5ldcAigRdhFGDfG+VSdgcH nmLYYiJBlfTvZn0LyfKnhlWweg2oVPEnuDscYth3r76A/kAbZFyVL5zXWs9tcwi6 CvZO17m3vPXUbjjIu+XvQuGGE34= =F3iZ END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 12

Nessus® Vulnerability Scanner

Date Description
2017-10-12 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20171004-ftd-firepower_threat_defense.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2017-10-20 21:25:38
  • Multiple Updates
2017-10-13 13:25:48
  • Multiple Updates
2017-10-05 13:26:50
  • Multiple Updates
2017-10-04 21:22:28
  • First insertion