cnvd - cnvd-2016-01974

cnvd-2016-01974

Vulnerability from cnvd

Title: Cisco Firepower System Software安全绕过漏洞

Description:

Cisco Firepower System Software是美国思科（Cisco）公司的一款下一代防火墙产品（NGFW）。

Cisco Firepower System Software的恶意文件检测和阻断功能存在安全绕过漏洞。由于程序未能正确验证HTTP头中的字段。远程攻击者可利用该漏洞通过发送特制的HTTP请求绕过恶意文件检测或阻断策略。

Severity: 中

Patch Name: Cisco Firepower System Software安全绕过漏洞的补丁

Patch Description:

Cisco Firepower System Software是美国思科（Cisco）公司的一款下一代防火墙产品（NGFW）。

Cisco Firepower System Software的恶意文件检测和阻断功能存在安全绕过漏洞。由于程序未能正确验证HTTP头中的字段。远程攻击者可利用该漏洞通过发送特制的HTTP请求绕过恶意文件检测或阻断策略。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp

Impacted products

Name
['Cisco Firepower System Software 5.4.0-6.0.1', 'Cisco ASA with FirePOWER Services 5.4.0-6.0.0.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1345"
    }
  },
  "description": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u7684\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u548c\u963b\u65ad\u529f\u80fd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1HTTP\u5934\u4e2d\u7684\u5b57\u6bb5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u7ed5\u8fc7\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u6216\u963b\u65ad\u7b56\u7565\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01974",
  "openTime": "2016-04-01",
  "patchDescription": "Cisco Firepower System Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3\u9632\u706b\u5899\u4ea7\u54c1\uff08NGFW\uff09\u3002\r\n\r\nCisco Firepower System Software\u7684\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u548c\u963b\u65ad\u529f\u80fd\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1HTTP\u5934\u4e2d\u7684\u5b57\u6bb5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u7ed5\u8fc7\u6076\u610f\u6587\u4ef6\u68c0\u6d4b\u6216\u963b\u65ad\u7b56\u7565\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Firepower System Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Firepower System Software 5.4.0-6.0.1",
      "Cisco ASA with FirePOWER Services  5.4.0-6.0.0.1"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-31",
  "title": "Cisco Firepower System Software\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2016-1345 (GCVE-0-2016-1345)

Vulnerability from cvelistv5

Published

2016-04-01 00:00

Modified

2024-08-05 22:55

Severity ?

CWE

Summary

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1035437	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1035439	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1035438	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035437",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035437"
          },
          {
            "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
          },
          {
            "name": "1035439",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035439"
          },
          {
            "name": "1035438",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035438"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1035437",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035437"
        },
        {
          "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
        },
        {
          "name": "1035439",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035439"
        },
        {
          "name": "1035438",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035438"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035437",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035437"
            },
            {
              "name": "20160330 Cisco Firepower Malware Block Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
            },
            {
              "name": "1035439",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035439"
            },
            {
              "name": "1035438",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035438"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1345",
    "datePublished": "2016-04-01T00:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted