Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Improper SSL Policy Packet Handling DoS (cisco-sa-20170503-ftd)

high Nessus Plugin ID 100425

Synopsis

The packet inspection software installed on the remote host is affected by a denial of service vulnerability.

Description

According to its version, the Cisco Firepower Threat Defense (FTD) software installed on the remote host is prior to 6.1.0.3 or else is 6.2.x prior to 6.2.1. It is, therefore, affected by a denial of service vulnerability in the access control policy due to improper handling of SSL packets. An authenticated, remote attacker can exploit this, via specially crafted SSL packets, to cause the system to stop inspecting and processing packets.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvc84361.

See Also

http://www.nessus.org/u?b37803ea

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc84361

Plugin Details

Severity: High

ID: 100425

File Name: cisco-sa-20170503-ftd.nasl

Version: 1.5

Type: local

Family: CISCO

Published: 5/25/2017

Updated: 7/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:firepower, cpe:/a:cisco:firepower_threat_defense

Required KB Items: Host/Cisco/ASA, Host/Cisco/ASA/model, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 5/3/2017

Vulnerability Publication Date: 5/3/2017

Reference Information

CVE: CVE-2017-6625

BID: 98292

CISCO-SA: cisco-sa-20170503-ftd

CISCO-BUG-ID: CSCvc84361