ID

VAR-201804-0997


CVE

CVE-2018-0243


TITLE

Protection mechanism vulnerability in Cisco Firepower System Software

Trust: 0.8

sources: JVNDB: JVNDB-2018-004317

DESCRIPTION

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvg68807. The vendor has confirmed this vulnerability and released it as Bug ID CSCvg68807. Information may be tampered with. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The detection engine is one of the intrusion detection engines. The vulnerability stems from the fact that the program does not detect SMB2 or SMB3 files.

Trust: 2.07

sources: NVD: CVE-2018-0243 // JVNDB: JVNDB-2018-004317 // BID: 103943 // VULHUB: VHN-118445 // VULMON: CVE-2018-0243

AFFECTED PRODUCTS

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.2.3

Trust: 1.0

vendor: cisco, model: firepower threat defense software, scope: lt, version: 6.2.3

Trust: 0.8

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.0

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 5.4.0

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 5.3.0

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.0.1

Trust: 0.6

vendor: cisco, model: firepower threat defense, scope: eq, version: 6.1.0

Trust: 0.6

vendor: cisco, model: firepower system software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.2

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: eq, version: 6.2.2.1

Trust: 0.3

vendor: cisco, model: firepower management center, scope: ne, version: 6.2.3

Trust: 0.3

sources: BID: 103943 // JVNDB: JVNDB-2018-004317 // CNNVD: CNNVD-201804-1099 // NVD: CVE-2018-0243

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0243
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0243
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-1099
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118445
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0243
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118445
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0243
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118445 // VULMON: CVE-2018-0243 // JVNDB: JVNDB-2018-004317 // CNNVD: CNNVD-201804-1099 // NVD: CVE-2018-0243

PROBLEMTYPE DATA

problemtype: CWE-693

Trust: 1.9

sources: VULHUB: VHN-118445 // JVNDB: JVNDB-2018-004317 // NVD: CVE-2018-0243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1099

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-1099

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004317

PATCH

title: cisco-sa-20180418-fss
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss

Trust: 0.8

title: Cisco Firepower System Software detection Repair measures for engine security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81394

Trust: 0.6

title: Cisco: Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180418-fss

Trust: 0.1

sources: VULMON: CVE-2018-0243 // JVNDB: JVNDB-2018-004317 // CNNVD: CNNVD-201804-1099

EXTERNAL IDS

db: NVD, id: CVE-2018-0243

Trust: 2.9

db: BID, id: 103943

Trust: 2.1

db: JVNDB, id: JVNDB-2018-004317

Trust: 0.8

db: CNNVD, id: CNNVD-201804-1099

Trust: 0.6

db: VULHUB, id: VHN-118445

Trust: 0.1

db: VULMON, id: CVE-2018-0243

Trust: 0.1

sources: VULHUB: VHN-118445 // VULMON: CVE-2018-0243 // BID: 103943 // JVNDB: JVNDB-2018-004317 // CNNVD: CNNVD-201804-1099 // NVD: CVE-2018-0243

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-fss

Trust: 2.2

url: http://www.securityfocus.com/bid/103943

Trust: 1.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0243

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0243

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/693.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-118445 // VULMON: CVE-2018-0243 // BID: 103943 // JVNDB: JVNDB-2018-004317 // CNNVD: CNNVD-201804-1099 // NVD: CVE-2018-0243

CREDITS

Cisco.

Trust: 0.3

sources: BID: 103943

SOURCES

db: VULHUB, id: VHN-118445
db: VULMON, id: CVE-2018-0243
db: BID, id: 103943
db: JVNDB, id: JVNDB-2018-004317
db: CNNVD, id: CNNVD-201804-1099
db: NVD, id: CVE-2018-0243

LAST UPDATE DATE

2024-11-23T22:45:23.820000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118445, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-0243, date: 2019-10-09T00:00:00
db: BID, id: 103943, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004317, date: 2018-06-18T00:00:00
db: CNNVD, id: CNNVD-201804-1099, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0243, date: 2024-11-21T03:37:48.183

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118445, date: 2018-04-19T00:00:00
db: VULMON, id: CVE-2018-0243, date: 2018-04-19T00:00:00
db: BID, id: 103943, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004317, date: 2018-06-18T00:00:00
db: CNNVD, id: CNNVD-201804-1099, date: 2018-04-19T00:00:00
db: NVD, id: CVE-2018-0243, date: 2018-04-19T20:29:00.973