Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.2980 Multiple vulnerabilities have been identified in Cisco Firepower products 4 October 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco Firepower products Publisher: Cisco Systems Operating System: Cisco Impact/Access: Root Compromise -- Existing Account Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-15390 CVE-2018-0455 CVE-2018-0453 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-cmd-injection https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos Comment: This bulletin contains three (3) Cisco Systems security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- Cisco Security Advisory Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability Priority: Medium Advisory ID: cisco-sa-20181003-fp-cmd-injection First Published: 2018 October 3 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvg46466 CVE-2018-0453 CWE-264 CVSS Score: Base 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X Summary o A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. To send the commands, the attacker must have root privileges for at least one affected sensor or the Cisco FMC. The vulnerability exists because the affected software performs insufficient checks for certain CLI commands, if the commands are executed via a Sourcefire tunnel connection. An attacker could exploit this vulnerability by authenticating with root privileges to a Firepower sensor or Cisco FMC, and then sending specific CLI commands to the Cisco FMC or through the Cisco FMC to another Firepower sensor via the Sourcefire tunnel connection. A successful exploit could allow the attacker to modify device configurations or delete files on the device that is running Cisco FMC Software or on any Firepower device that is managed by Cisco FMC. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-cmd-injection Affected Products o Vulnerable Products This vulnerability affects the following Cisco products, if they are running a vulnerable release of Cisco Firepower System Software: - Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services - Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls - FirePOWER 7000 Series Appliances - FirePOWER 8000 Series Appliances - Firepower 2100 Series Security Appliances - Firepower 4100 Series Security Appliances - Firepower 9300 Series Security Appliances - Firepower Management Center - Firepower Threat Defense - Firepower Threat Defense Virtual (FTDv) - Virtual Next-Generation Intrusion Prevention System (NGIPSv) For information about which Cisco Firepower System Software releases are vulnerable, see the Fixed Software section of this advisory. Determine the Firepower System Software Release To determine which Cisco Firepower System Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and refer to the output of the command. The following example shows the output of the command for a device that is running Cisco Firepower System Software Release 6.2.0: > show version ---------------------[ ftd ]--------------------- Model : Cisco ASA5525-X Threat Defense (75) Version 6.2.0 (Build 362) UUID : 2849ba3c-ecb8-11e6-98ca-b9fc2975893c Rules update version : 2017-03-15-001-vrt VDB version : 279 --------------------------------------------------- Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: - 3000 Series Industrial Security Appliances (ISAs) - Adaptive Security Appliance (ASA) Software - Intrusion Prevention System (IPS) Software Details o Cisco FMC is the management device on the network for Cisco Firepower sensors. Firepower sensors run Cisco Firepower Threat Defense (FTD) Software. For more information about Firepower software and platforms, refer to the Cisco Firepower Compatibility Guide. The Sourcefire tunnel control channel protocol is used by Cisco FMC to manage and control Firepower sensors. A Sourcefire tunnel connection, which is a connection that uses this protocol, is used for communication between Cisco FMC and Firepower sensors. Cisco FMC is intended to control Firepower sensors. However, authentication should be required for Firepower sensors to issue commands to Cisco FMC or to other devices that are managed by Cisco FMC. The vulnerability described in this advisory is caused by a lack of authentication. Workarounds o There are no workarounds that address this vulnerability. Fixed Software o For information about affected and fixed software releases, consult the Cisco bug ID(s) at the top of this advisory. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o This vulnerability was found during the resolution of a Cisco TAC support case. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-cmd-injection Revision History +----------+---------------------------+----------+--------+------------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+------------------+ | 1.0 | Initial public release. | -- | Final | 2018-October-03 | +----------+---------------------------+----------+--------+------------------+ Legal Disclaimer o THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. - -------------------------------------------------------------------------------- Cisco Security Advisory Cisco Firepower System Software Detection Engine Denial of Service Vulnerability Priority: High Advisory ID: cisco-sa-20181003-fp-smb-snort First Published: 2018 October 3 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvg28189 CVE-2018-0455 CWE-19 CVSS Score: Base 8.6 CVSS: 3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X CVE-2018-0455 Summary o A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. It is also possible that a manual reload of the device may be required to clear the condition. The vulnerability is due to incorrect SMB header validation. An attacker could exploit this vulnerability by sending a custom SMB file transfer through the targeted device. A successful exploit could cause the device to consume an excessive amount of system memory and prevent the SNORT process from forwarding network traffic. This vulnerability can be exploited using either IPv4 or IPv6 in combination with SMBv2 or SMBv3 network traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ cisco-sa-20181003-fp-smb-snort Affected Products o Vulnerable Products This vulnerability affects Cisco Firepower System Software running on any of the following Cisco products: - Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services - Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls - Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances - Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances - Firepower 2100 Series Security Appliances - Firepower 4100 Series Security Appliances - FirePOWER 7000 Series Appliances - FirePOWER 8000 Series Appliances - Firepower 9300 Series Security Appliances - FirePOWER Threat Defense for Integrated Services Routers (ISRs) - Firepower Threat Defense Virtual - Industrial Ethernet 3000 Series Switches - Next-Generation Intrusion Prevention System (NGIPSv) - Virtual Next-Generation Intrusion Prevention System (NGIPSv) For information about which Cisco Firepower System Software releases are vulnerable, see the Fixed Software section of this advisory. Determine the Cisco Firepower System Software Release To determine which Cisco Firepower System Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and refer to the output of the command. The following example shows the output of the command for a device that is running Cisco Firepower System Software Release 6.2.0: > show version ---------------------[ ftd ]--------------------- Model : Cisco ASA5525-X Threat Defense (75) Version 6.2.0 (Build 362) UUID : 2849ba3c-ecb8-11e6-98ca-b9fc2975893c Rules update version : 2017-03-15-001-vrt VDB version : 279 ---------------------------------------------------- Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: - Adaptive Security Appliance (ASA) Software - Firepower Management Center - Meraki MX Security Appliances Indicators of Compromise o During an active exploitation of this vulnerability, it is possible that the SNORT process could be in Disk Sleep (or in D state) as observed by the operating system command top: top - 2017-03-20 13:34:36 up 16 days, 11:57, 0 users, load average: 1.40, 0.76 Tasks: 100 total, 1 running, 99 sleeping, 0 stopped, 0 zombie Cpu(s): 6.4%us, 3.9%sy, 0.0%ni, 54.8%id, 34.0%wa, 0.0%hi, 0.0%si, 0.9%st Mem: 3303936k total, 3181128k used, 122808k free, 16944k buffers Swap: 3310920k total, 1346860k used, 1964060k free, 207644k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 21732 sfsnort 1 -19 2148m 1.1g 25m D 17 33.9 309:16.55 snort 21733 sfsnort 1 -19 2154m 1.1g 26m D 8 34.4 337:19.92 snort SNORT instances in the D state are hung and cannot be recovered. These unrecoverable instances could prevent traffic from passing through the device, and could indicate that the vulnerability is being exploited on the device. Please contact the Cisco Technical Assistance Center (TAC) if additional assistance is required to determine whether the device has been compromised by this vulnerability. Workarounds o There are no workarounds that address this vulnerability. Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/ end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c /en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases In the following table, the left column lists releases of Cisco software. The right column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. ----------------------------------------------------------------------- - Cisco Firepower System Software | First Fixed Release for This - - | Vulnerability - -------------------------------------+--------------------------------- - 6.0 | 6.1.0.7 - -------------------------------------+--------------------------------- - 6.0.1 | 6.1.0.7 - -------------------------------------+--------------------------------- - 6.1.0 | 6.1.0.7 - -------------------------------------+--------------------------------- - 6.2.0 | 6.2.0.5 - -------------------------------------+--------------------------------- - 6.2.1 | 6.2.2.3 - -------------------------------------+--------------------------------- - 6.2.2 | 6.2.2.3 - -------------------------------------+--------------------------------- - 6.2.3 | Not vulnerable - ----------------------------------------------------------------------- To upgrade to a fixed release of Cisco Firepower System Software, customers can do one of the following: - For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade and, after installation is complete, reapply the access control policy. The Snort version that is installed depends on the FMC release. - For devices that are managed by using Cisco Adaptive Security Device Manager (ASDM) or Cisco Firepower Device Manager (FDM), use the ASDM or FDM interface to install the upgrade and, after installation is complete, reapply the access control policy. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o This vulnerability was found during the resolution of a Cisco TAC support case. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort Revision History +----------+---------------------------+----------+--------+------------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+------------------+ | 1.0 | Initial public release. | -- | Final | 2018-October-03 | +----------+---------------------------+----------+--------+------------------+ Legal Disclaimer o THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. - -------------------------------------------------------------------------------- Cisco Security Advisory Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability Priority: High Advisory ID: cisco-sa-20181003-ftd-inspect-dos First Published: 2018 October 3 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvh77456 CVE-2018-15390 CWE-399 CVSS Score: Base 8.6 CVSS: 3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X CVE-2018-15390 CWE-399 Summary o A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos Affected Products o Vulnerable Products This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.2.3.x prior to Release 6.2.3.4, if FTP inspection is enabled, an access control rule with an associated FTP file policy is also enabled, and the software is running on any of the following Cisco products: - 3000 Series Industrial Security Appliances (ISAs) - ASA 5500-X Series Next-Generation Firewalls - Firepower 2100 Series Security Appliances - Firepower 4100 Series Security Appliances - Firepower 9300 ASA Security Module - Firepower Threat Defense Virtual (FTDv) FTP inspection is enabled by default in Cisco FTD Software. For detailed information about the default settings for application inspection policies, refer to the Cisco ASA Series Firewall CLI Configuration Guide. Determine the Cisco FTD Software Release To determine which Cisco FTD Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and refer to the output of the command. The following example shows the output of the command for a device that is running Cisco FTD Software Release 6.2.0: > show version ---------------------[ ftd ]--------------------- Model : Cisco ASA5525-X Threat Defense (75) Version 6.2.0 (Build 362) UUID : 2849ba3c-ecb8-11e6-98ca-b9fc2975893c Rules update version : 2017-03-15-001-vrt VDB version : 279 ---------------------------------------------------- Determine Whether FTP File Policies Are Associated with a Rule To determine whether FTP file policies are associated with access control rules that are enabled for a device, administrators can do either of the following: - For devices that are managed by using Cisco Firepower Management Center (FMC), open Cisco FMC, choose Policies > Access Control > Malware & File, and then choose an access control rule. Click the File Policy tab to view detailed information about any file policies that are associated with the rule. - For devices that are managed by using Cisco Firepower Device Manager (FDM), open Cisco FDM, choose Policies > Access Control, and then choose an access control rule. Click the File Policy tab to view detailed information about any file policies that are associated with the rule. Note that Cisco FDM supports use of predefined file policies only. Administrators cannot create file policies for access control rules. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software. Workarounds o There are no workarounds that address this vulnerability. However, administrators can disable FTP inspection. To disable FTP inspection in Cisco FTD Software Releases 6.2 and later, use Cisco FMC to add the following FlexConfig policy: policy-map global_policy class inspection_default no inspect ftp Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Fixed Releases Customers are advised to upgrade to an appropriate release as indicated in the applicable table in this section. To help ensure a complete upgrade solution, consider that this advisory is part of a collection that includes the following advisories: - cisco-sa-20181003-asa-dma-dos: Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability - cisco-sa-20181003-ftd-inspect-dos: Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability In the following table(s), the left column lists releases of Cisco software. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. The right column indicates whether a release is affected by all the vulnerabilities described in this collection of advisories and which release includes fixes for those vulnerabilities. Cisco FTD First Fixed Release First Fixed Release for All Software Release for This Vulnerabilities Described in the Vulnerability Collection of Advisories 6.0 Not vulnerable Migrate to 6.1.0.7 6.0.1 Not vulnerable Migrate to 6.1.0.7 6.1.0 Not vulnerable 6.1.0.7 6.2.0 Not vulnerable 6.2.0.7 (future release) 6.2.1 Not vulnerable Migrate to 6.2.2.5 (future release) 6.2.2 Not vulnerable 6.2.2.5 (future release) 6.2.3.4 6.2.3.4 6.2.3 6.2.3-85^1 6.2.3-85^1 6.2.3-991^2 6.2.3-991^2 ^1 The software image for Cisco Firepower Threat Defense Virtual (FTDv) for the AWS Cloud. ^2 The software image for Cisco FTDv for the Microsoft Azure Cloud. To upgrade to a fixed release of Cisco Firepower System Software, customers can do one of the following: - For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade and, after installation is complete, reapply the access control policy. The Snort version that is installed depends on the FMC release. - For devices that are managed by using Cisco Adaptive Security Device Manager (ASDM) or Cisco Firepower Device Manager (FDM), use the ASDM or FDM interface to install the upgrade and, after installation is complete, reapply the access control policy. Exploitation and Public Announcements o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source o This vulnerability was found during internal security testing. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. Subscribe to Cisco Security Notifications o Subscribe URL o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos Revision History +----------+---------------------------+----------+--------+------------------+ | Version | Description | Section | Status | Date | +----------+---------------------------+----------+--------+------------------+ | 1.0 | Initial public release. | -- | Final | 2018-October-03 | +----------+---------------------------+----------+--------+------------------+ Legal Disclaimer o THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. Cisco Security Vulnerability Policy o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW7ViJGaOgq3Tt24GAQgAGQ/+LuLUfEKG7Q5W+Wk4GFUD9RGDqXHGIKqS OKTa9vA4xvdUDO27IZ1kULSEKA7qt0EhFA9KBwS+7UH0b8RK7T2s9dkYxpdTIh7E hAsm299hBLy7esZ/qLsb+golu9mYIT3BymzySn7N0r36j6KIdnRBLe2EVtdtHm+5 W6tRqBY0ZYPAmrSRI267mvVbwIbngXdzTa077kmkWoUPV3F07u7jrKpwFhZRwwR+ lEkCPn7Er3O0heqq+rGvPp2DWlF/HInOSfc0uxQsffUk/M/JkOxu+NURu0kGGmhY h9I2uJS3ZYqiSieTBMDl3LeeGJC5BZSM9CkCPYMahBlVzx3OsqmhTLMPTVkFDie0 lnPNgp6Sf3BO14XJd41bGaJ0w5iAjCsIqemNX9NQrWykM7uHt66WXB9MQPNWB083 SC32uqiif9n73CAU1RtlyFG7etj0sS43Pj5xHu+rH+U1D/PUzZinTSWkbrrEOUuQ rClwuv4KGpvyjtc9quJzuBuR91aLopciyQtkfgnetYPYNJeXggWgv35mYa42bjsg n25txRwpf3S8sgIdQk6td607pGIwAJKQNHS26gAxHJW+hVGW5fWAovQWEjYf7nAj O1Y2Du23VQytQ6w2pg7LDyqUAycbjQ7Uvsn+e2Xc1SL6XkEqB53yOTDi2gq5TuVs afgO8QPPjVw= =RGij -----END PGP SIGNATURE-----