SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Firewall)  >   Cisco ASA Vendors:   Cisco
Cisco ASA FirePOWER Services Input Validation Flaw Lets Remote Users Bypass Malware Detection on the Target System
SecurityTracker Alert ID:  1035437
SecurityTracker URL:  http://securitytracker.com/id/1035437
CVE Reference:   CVE-2016-1345   (Links to External Site)
Date:  Mar 30 2016
Impact:   Host/resource access via network, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5500-X Series with FirePOWER Services
Description:   A vulnerability was reported in Cisco ASA FirePOWER Services. A remote user can bypass malware detection.

A remote user can supply specially crafted HTTP header values to the target system to trigger an input validation flaw in the malicious file detection and blocking features and bypass malware detection on the target system.

The vendor has assigned bug ID CSCux22726 to this vulnerability.

Dikla Barda, Liad Mizrachi, and Oded Vanunu of the Check Point Security Team reported this vulnerability.

Impact:   A remote user can bypass malware detection.
Solution:   The vendor has issued a fix (FirePOWER 5.4.0.7, 5.4.1.6, 6.0.1).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower Malware Block Bypass Vulnerability

Advisory ID: cisco-sa-20160330-fp

Revision 1.0

For Public Release 2016 March 30 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.

The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVvKwFq89gD3EAJB5AQIjFg/+MHsKskM68q7HIhF7EB6yN3Pjau4/1bPd
9xYd3UJ1bh9jmrObAlwEIL+P40WUKQCO23Z/66opMboXTBSMLrAe1/2xMevx+6f5
Gkl8V1Ew0Ziona0DE3D3vtdPTmnY19KRpUwIMQbYsiKs2SaxoiX04J5Ny21+Uxvz
xskTGEW0kX7HpZ2kWODmBTyLJS1/59SJ4WNt7Sf57FOsIZRg8tk4de27yavaVqbw
eFZRYRYITnW9Ks231NhJJErM64qCis2r9yNxU5tP6BbL/CDJNbcsbqXif2t4pDCZ
YLTm3sIzfLpmz+YCWSNwcc+UBe34ssmV8zRt3O51mruY7cWKycanvrHq+S9xURix
eVoaw+PWZl5kI0RMqQhT9lKR/INXR2Ek93KNPOJXYKuEk8UJA+mVzphUVJR7tifH
+iPK7SEEPASodgE5S2lP4d5iUV6U590eUABcfSmtbCP1a80lHpjXQVmjqIa3gnEm
Byab7fxjDDGfFcnMdndWyJhEULPgIo5BCg6jMCw9SWvK7u+rSqpA/VaVc3UnvU2K
xBTSm2DKd1t09Fo6x1rk+mLOhZ+Ch+7JLCcJxNJe9J0+a4YyuHE99RgV3WmGqOb3
Kx8ojX5yF6KqT+K4pZx2LKwL8rp+r5lZu40EIz0jrFGhKKXftLOADWqMbFwZOxKR
xUMD/t+aY6s=
=sOTL
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC