Cisco ASA FirePOWER Services Input Validation Flaw Lets Remote Users Bypass Malware Detection on the Target System
SecurityTracker Alert ID: 1035437
SecurityTracker URL: http://securitytracker.com/id/1035437
Date: Mar 30 2016
Host/resource access via network, Modification of system information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5500-X Series with FirePOWER Services
A vulnerability was reported in Cisco ASA FirePOWER Services. A remote user can bypass malware detection.
A remote user can supply specially crafted HTTP header values to the target system to trigger an input validation flaw in the malicious file detection and blocking features and bypass malware detection on the target system.
The vendor has assigned bug ID CSCux22726 to this vulnerability.
Dikla Barda, Liad Mizrachi, and Oded Vanunu of the Check Point Security Team reported this vulnerability.
A remote user can bypass malware detection.
The vendor has issued a fix (FirePOWER 184.108.40.206, 220.127.116.11, 6.0.1).
The vendor's advisory is available at:
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp
Input validation error
Source Message Contents
Cisco Firepower Malware Block Bypass Vulnerability
Advisory ID: cisco-sa-20160330-fp
For Public Release 2016 March 30 16:00 UTC (GMT)
A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.
The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: