Vulnslist


Cisco FirePOWER Malware Protection Bypass Vulnerability

cisco-sa-20161207-fpwr · Medium · Published · Updated

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2016-9209
Cisco Bug IDs: CSCvb20102
CVSS Score: Base 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C)
Product Names From Source: Cisco FirePOWER Services Software for ASA, Cisco Firepower Threat Defense Software 6.0.0, Cisco Firepower Threat Defense Software 6.0.1, Cisco Firepower Threat Defense Software 5.3.0, Cisco Firepower Threat Defense Software 5.4.0, Cisco Firepower Threat Defense Software 6.1.0, Cisco Firepower Threat Defense Software

Related Products

Product | CVE | Evidence
Cisco Firepower Threat Defense Software | CVE-2016-9209 | Cisco OpenVuln
Cisco Firepower System Software | CVE-2016-9209 | Cisco OpenVuln
Cisco FirePOWER Services Software for ASA | CVE-2016-9209 | Cisco OpenVuln