Twenty Year Anniversary

Cisco Security Advisory 20160330-fp

Cisco Security Advisory 20160330-fp
Posted Mar 30, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | cbe6828486abd044f7e9313e9b285253

Cisco Security Advisory 20160330-fp

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower Malware Block Bypass Vulnerability

Advisory ID: cisco-sa-20160330-fp

Revision 1.0

For Public Release 2016 March 30 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.

The vulnerability is due to improper input validation of fields in HTTP headers. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVvKwFq89gD3EAJB5AQIjFg/+MHsKskM68q7HIhF7EB6yN3Pjau4/1bPd
9xYd3UJ1bh9jmrObAlwEIL+P40WUKQCO23Z/66opMboXTBSMLrAe1/2xMevx+6f5
Gkl8V1Ew0Ziona0DE3D3vtdPTmnY19KRpUwIMQbYsiKs2SaxoiX04J5Ny21+Uxvz
xskTGEW0kX7HpZ2kWODmBTyLJS1/59SJ4WNt7Sf57FOsIZRg8tk4de27yavaVqbw
eFZRYRYITnW9Ks231NhJJErM64qCis2r9yNxU5tP6BbL/CDJNbcsbqXif2t4pDCZ
YLTm3sIzfLpmz+YCWSNwcc+UBe34ssmV8zRt3O51mruY7cWKycanvrHq+S9xURix
eVoaw+PWZl5kI0RMqQhT9lKR/INXR2Ek93KNPOJXYKuEk8UJA+mVzphUVJR7tifH
+iPK7SEEPASodgE5S2lP4d5iUV6U590eUABcfSmtbCP1a80lHpjXQVmjqIa3gnEm
Byab7fxjDDGfFcnMdndWyJhEULPgIo5BCg6jMCw9SWvK7u+rSqpA/VaVc3UnvU2K
xBTSm2DKd1t09Fo6x1rk+mLOhZ+Ch+7JLCcJxNJe9J0+a4YyuHE99RgV3WmGqOb3
Kx8ojX5yF6KqT+K4pZx2LKwL8rp+r5lZu40EIz0jrFGhKKXftLOADWqMbFwZOxKR
xUMD/t+aY6s=
=sOTL
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close