CVE-2018-0297Protection Mechanism Failure in Cisco Firepower Threat Defense Software

CWE-693Protection Mechanism Failure4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 62.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Firepower Threat Defense SoftwareCisco Firepower Threat Defense
Timeline
PublishedMay 17
Latest updateMay 13

Description

A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets received out of order. An attacker could exploit this vulnerability by sending a crafted SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configure

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_threat_defense_softwareCisco Firepower Threat Defense Software

🔴Vulnerability Details

2
GHSA
GHSA-9j44-j9v3-4928: A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configu2022-05-13
CVEList
CVE-2018-0297: A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configu2018-05-17

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense Software Policy Bypass Vulnerability2018-05-16
CVE-2018-0297 — Protection Mechanism Failure in Cisco | cvebase