Vulnerability identifier: #VU27583
Vulnerability risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID: CWE-693
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Cisco Firepower Threat Defense (FTD)
Software category: Hardware solutions / Security hardware appliances
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic error in Snort's handling of connections subject to the Transport Layer Security (TLS) 1.3 policy and URL category configuration. A remote attacker can send specially crafted TLS connections to an affected device, bypass the TLS policy and access URLs outside the affected device that would normally be dropped.
Mitigation
The vendor recommends updating the Cisco FTD Software to release 6.4.0.9, scheduled for May 2020.
Vulnerable software versions
Cisco Firepower Threat Defense (FTD): 6.4.0 - 6.4.0.8
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-bypass-O5tGum2n
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.