Cisco’s Firepower is flawed


Hi folks!

Happen to use Firepower devices? Keep reading…

Cisco is sending out security updates to patch a critical vulnerability in its recently introduced Firepower firewall products. According to Cisco, the vulnerability allows attackers to slip malware onto critical systems without being detected. Snort, an open source network-based intrusion detection system, is also affected.

Last week, Cisco customers were alerted to the “high severity” vulnerability (CVE-2016-1345), and software updates have been released that address the vulnerability in Cisco Firepower System Software and later, and later and 6.0.1 and later.

Check Point security researchers are credited with finding the vulnerability. Neither Cisco nor Check Point is aware of any compromised systems tied to the vulnerability. Several Firepower firewall appliances and Cisco’s Next Generation Intrusion Prevention System for both Blue Coat and VMware security services are among the impacted devices. Cisco’s website details a full list of impacted devices.

Alternatively, customers can check their Cisco configuration (Policies > Access Control > Malware and File). Cisco says that if the policy setting is “Block Files, Block Malware, or Detect Files”, the system is vulnerable.

For Snort devices, if the Snort source code was compiled with the “--enable-file-inspect” configuration flag, the system is also vulnerable to the malware exploit.

The Cisco bulletin states that the vulnerability is linked to improper input validation of fields in HTTP headers, which an attacker could exploit by “sending a crafted HTTP request to an affected system.”

Malware can thereby be installed on systems without detection. The patch is designed for versions and later of the software. Cisco has released information regarding 30 vulnerabilities since the beginning of March. Of these, one is critical, 16 are high severity and 13 are medium severity.

Last month the Cisco Firepower Management Center and its Cisco Firepower Next-Generation Firewall were released. Cisco touts the two as being first to market with a “fully integrated” and threat-focused firewall. Cisco did not return requests for comment on this report.

Source: Akati