Cisco Firepower System Software Detection Engine Malware and File Policies for RTF and RAR file types Improper Input Validation Protection Mechanism Failure Vulnerability

Summary

Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types.

Credit:

The information has been provided by Yaser Mansour.

The original article can be found at: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-firepwr-bypass


Details

The vulnerabilities are not dependent on one another; exploitation of one of the vulnerabilities is not required to exploit the other. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other.

Vulnerable Systems:

3000 Series Industrial Security Appliances (ISAs)

Adaptive Security Appliance (ASA) 5500-X Series Firewalls

ASA 5500-X Series with FirePOWER Services

Advanced Malware Protection (AMP) for Networks for FirePOWER 7000 Series Appliances

AMP for Networks for FirePOWER 8000 Series Appliances

Firepower 2100 Series

Firepower 4100 Series

Firepower 1000 Series Appliances

FirePOWER 7000 Series Appliances

FirePOWER 8000 Series Appliances

Firepower 9300 Security Appliances

Firepower Threat Defense for Integrated Services Routers (ISRs)

FTD Virtual (FTDv)

Next-Generation Intrusion Prevention System (NGIPS)

CVE Information:

CVE-2019-12696

Disclosure Timeline:

Published Date:10/02/2019