Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system.

The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass

Security Impact Rating: Medium

CVE: CVE-2019-1970

Related:

  • No Related Posts

Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability

A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device.

The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos

Security Impact Rating: Medium

CVE: CVE-2019-1957

Related:

  • No Related Posts

Cisco Enterprise License Manager Information Disclosure Vulnerability

A vulnerability in the web framework of Cisco Enterprise License Manager could allow an unauthenticated, remote attacker to view sensitive data.

The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-elm

Security Impact Rating: Medium

CVE: CVE-2018-0105

Related:

  • No Related Posts

Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability

A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate.

The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info

Security Impact Rating: Medium

CVE: CVE-2019-1940

Related:

  • No Related Posts

Cisco ASA and FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly.

The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190710-asa-ftd-dos

Security Impact Rating: High

CVE: CVE-2019-1873

Related:

  • No Related Posts

Cisco Small Business Series Switches Memory Corruption Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device.

The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt

Security Impact Rating: High

CVE: CVE-2019-1892

Related:

  • No Related Posts

Cisco Web Security Appliance HTTPS Certificate Denial of Service Vulnerability

A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos

Security Impact Rating: High

CVE: CVE-2019-1886

Related:

  • No Related Posts

Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone.

The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ip-phone-sip-dos

Security Impact Rating: Medium

CVE: CVE-2019-1922

Related:

  • No Related Posts

Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPN Manager) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation.

The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-prime-privescal

Security Impact Rating: Medium

CVE: CVE-2019-1906

Related:

  • No Related Posts

Secure Mail iOS 19.3.5 and Secure Mail Android 19.6.5 Not Able to Create Account or Connection Error

Before users can create an account in Secure Mail for iOS version 19.3.5 or Secure Mail Android 19.6.5, you must do the following:

1. On Citrix ADC, the following cipher suite value must be added in the SSL Ciphers option: – ECDHE-RSA-AES256-GCM-SHA384.

Note: If the ciphers are already bound, go to step 2.

For details, see https://docs.citrix.com/en-us/netscaler/12/ssl/ciphers-available-on-the-citrix-ADC-appliances/configure-user-defined-cipher-groups-on-the-adc-appliance.html


2. Bind Enable Elliptical Curve Cryptography (ECC).

For details, see ECDSA cipher suites support in the Citrix ADC 12.1 documentation https://docs.citrix.com/en-us/citrix-adc/12-1/ssl/ciphers-available-on-the-citrix-ADC-appliances/ecdhe-ciphers.html.

For FIPS enabled environments, verify that the RSA key size for identity certificate (i.e. server certificate), intermediate certificates, and your root certificate are 2048 or 3072 bits. We do not currently support an RSA key size of 4096 bits in a FIPS-enabled environment . The new crypto library checks for key size and will reject the connection.

For configuration information see the following Citrix support article: https://support.citrix.com/article/CTX205289

Related:

  • No Related Posts