Multiple vulnerabilities in Cisco Firepower Threat Defense Software



| Updated: 2020-05-07
Risk High
Patch available NO
Number of vulnerabilities 4
CVE-ID CVE-2020-3285
CVE-2020-3188
CVE-2020-3189
CVE-2020-3255
CWE-ID CWE-693
CWE-399
CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Cisco Firepower Threat Defense (FTD)
Hardware solutions / Security hardware applicances

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Protection Mechanism Failure

EUVDB-ID: #VU27583

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-3285

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic error with Snort handling of the connection with the Transport Layer Security (version 1.3) policy and URL category configuration. A remote attacker can send a specially crafted TLS connections to an affected device, bypass the TLS policy and access URLs that are outside the affected device and normally would be dropped.

Mitigation

Vendor recommends to update the Cisco FTD Software Release to version 6.4.0.9, scheduled for May 2020.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): 6.4.0 - 6.4.0.8

CPE2.3 External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-bypass-O5tGum2n


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU27586

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-3188

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the default session timeout period for specific to-the-box remote management connections is too long. A remote attacker can send a large and sustained number of crafted remote management connections and perform a denial of service (DoS) attack.

Mitigation

Vendor recommends to update the Cisco FTD Software Release to version 6.4.0.9, scheduled for May 2020 and Release 6.5.0.5.

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): - - 6.5.0

CPE2.3 External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU27588

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-3189

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the VPN System Logging functionality. A remote attacker can create or delete a VPN tunnel connection, which could leak a small amount of system memory for each logging event, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Vendor recommends to update the Cisco FTD Software Release to version 6.2.3.16 (June 2020), 6.3.0.6 (future release), 6.4.0.9 (May 2020), 6.5.0.5 (future release).

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): - - 6.2.3

CPE2.3 External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource exhaustion

EUVDB-ID: #VU27589

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-3255

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the packet processing functionality. A remote attacker can send a high rate of IPv4 or IPv6 traffic through an affected device, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Vendor recommends to update the Cisco FTD Software Release to version 6.2.3.16 (June 2020), 6.3.0.6 (future release), 6.4.0.9 (May 2020), 6.5.0.5 (future release).

Vulnerable software versions

Cisco Firepower Threat Defense (FTD): - - 6.4.0

CPE2.3 External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###