Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.1111
Cisco Firepower Threat Defense and Cisco ASA with FirePOWER
Module Denial of Service Vulnerability
5 May 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-6625
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Security Advisory
Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of
Service Vulnerability
Advisory ID: cisco-sa-20170503-ftd CVE-2017-6625
First Published: 2017 May 3 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvc84361
CVSS Score:
Base 5.4, Temporal 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:X/RC:X
Summary
A vulnerability in the access control policy of Cisco Firepower System
Software could allow an authenticated, remote attacker to cause an affected
system to stop inspecting and processing packets, resulting in a denial of
service (DoS) condition.
The vulnerability is due to improper SSL policy handling by the affected
software when packets are passed through the sensing interfaces of an
affected system. An attacker could exploit this vulnerability by sending
crafted packets through a targeted system.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
Affected Products
Vulnerable Products
This vulnerability affects Cisco Firepower System Software that is
configured with the SSL policy feature. For information about affected
software releases, consult the Cisco bug ID(s) at the top of this advisory.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by this
vulnerability.
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
For information about fixed software releases, consult the Cisco bug ID(s)
at the top of this advisory.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories and Alerts page, to determine exposure and a
complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Cisco Security Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
Revision History
Version Description Section Status Date
1.0 Initial public release. - Final 2017-May-03
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT
OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES
THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information
or contain factual errors. The information in this document is intended for
end users of Cisco products.
Cisco Security Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWQuz6Yx+lLeg9Ub1AQhnfQ/+PZgCAEI1HE5jV5x+WZBGupq2SdxJN3k7
n/t85iGJfIifGr2osO2POS31gWVyHBg4o2QNvKQKSvkACZuANzc6umn4PyhHTUMR
po9AyF7qRu6TejNc05pgIxyKcfUqkON1HYwtxU1W91MXWGGRROo55zj05wHwuyJY
4LH77Thl9xRZNDCBYcwyGRMAx7kFoLDKl4Ukz1iypYxQnS7EH6TfRNQ/8vyry7H9
lmsuq/IPi8i5y9CT8oiZeX57QtDoAOcE4yOtlaWPgMnSqnih9tjkH5A/OhELtcCb
dXXyNkfsX690X1G4vrgPYm2/C3M6YhjCy/mszhj0YnGl0DdjYTRG/eVFFqvfJ/Qt
i2dqMwhYYTHwoq31S8zEzgdRT5zOyP3dUZnD02eWMu7UKT1udMzFbcHbd4abyVD1
giS6s1WOUtb1R8K7zJEq9/ew1RXYRJIi6LPIXD8lMeYIXYpFw+3y42M6tBQsebtZ
W+8ZmjQaOYLknfazC2y81NgcoDVgID7mNwyGHcR/InVZaCB7UbhAnrEcuKuNjzR/
/lqiRQaVGpomA4PfnGW88JIriEASM8bCwNWl/bILy1RAbH6/Yvb2R6YeT9uAFLW4
5uAoMUc9mjMGJWPgT75iqu3XsVYn3p7XU0GQfDfPTK7JQ7mTA90/aR3ZXH42Dbg0
gkNz7FtWyH0=
=lR6v
-----END PGP SIGNATURE-----