-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1614.3
                   Cisco Firepower Multiple Vulnerabilities
                                  18 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Firepower Management Center
                   Cisco Firepower Threat Defense Software
                   Cisco Firepower Device Manager On-Box Software
                   Cisco Firepower 1000 Series
                   Cisco Firepower 2100 Series
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service          -- Remote/Unauthenticated
                   Root Compromise            -- Existing Account
                   Read-only Data Access      -- Remote/Unauthenticated
                   Access Confidential Data   -- Remote/Unauthenticated
                   Cross-site Scripting       -- Remote/Unauthenticated
                   Overwrite Arbitrary Files  -- Existing Account
                   Unauthorised Access        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3334 CVE-2020-3318 CVE-2020-3313 CVE-2020-3312
                   CVE-2020-3311 CVE-2020-3310 CVE-2020-3309 CVE-2020-3308
                   CVE-2020-3307 CVE-2020-3302 CVE-2020-3301 CVE-2020-3285
                   CVE-2020-3283 CVE-2020-3255 CVE-2020-3253 CVE-2020-3189
                   CVE-2020-3188 CVE-2020-3186 CVE-2020-3179

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2100-arp-dos-kLdCK8ks
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdmfo-HvPWKxDe
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xpftd-gYDXyN8H
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alfo-tHwFDmTE
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcxss-UT3bMx9k
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcai-z5dQObVN
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-webredirect-TcFgd42y
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-accesslist-bypass-5dZs5qZp
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-bypass-O5tGum2n
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-shell-9rhJF68K
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP

Revision History:  May 18 2020: Vendor released minor updates
                   May 12 2020: Vendor released update 1.1 to clarify affected models
                   May  7 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-ftd-tls-dos-4v5nmWtZ
First Published: 2020 May 6 16:00 GMT
Last Updated:    2020 May 15 14:00 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq89361
CVE-2020-3283    CWE-119
CVSS Score:      8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security
    (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running
    on the Cisco Firepower 1000 Series platform could allow an unauthenticated,
    remote attacker to trigger a denial of service (DoS) condition on an
    affected device.

    The vulnerability is due to a communication error between internal
    functions. An attacker could exploit this vulnerability by sending a
    crafted SSL/TLS message to an affected device. A successful exploit could
    allow the attacker to cause a buffer underrun, which leads to a crash. The
    crash causes the affected device to reload.

    Cisco has released software updates that address the vulnerability
    described in this advisory. There are no workarounds that address this
    vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ

    This advisory is part of the May 2020 Cisco ASA, FMC, and FTD Software
    Security Advisory Bundled Publication, which includes 12 Cisco Security
    Advisories that describe 12 vulnerabilities. For a complete list of the
    advisories and links to them, see Cisco Event Response: May 2020 Cisco
    ASA, FMC, and FTD Software Security Advisory Bundled Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco Firepower 1000 Series appliances if they
    are running a vulnerable release of Cisco FTD Software and have a feature
    enabled that causes the device to process SSL/TLS messages. These features
    include, but are not limited to, the following:

        AnyConnect SSL VPN
        Clientless SSL VPN

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory.

    Determine Whether a Device Could Process SSL or TLS Messages

    To verify whether a device that is running Cisco FTD Software could
    process SSL or TLS packets, use the show asp table socket | include
    SSL|DTLS command and verify that it returns output. When this command
    returns any output, the device is vulnerable. When this command returns
    empty output, the device is not affected by the vulnerability described in
    this advisory.
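The socket-table check above and the release gate from this advisory's Fixed Releases table, combined into one triage helper as an added example that is not Cisco's code. The command output embedded in it is constructed for the example, and the reading that 6.4.0.9 is fixed only once Hotfix AY is installed (and that later 6.4.0.x releases are covered by the table's "and later") is an assumption noted in the code.

```python
"""Exposure triage for cisco-sa-ftd-tls-dos-4v5nmWtZ (CVE-2020-3283).

Added example, not Cisco's code. It encodes the two checks the advisory
gives for a Firepower 1000 Series appliance:
  1. does `show asp table socket | include SSL|DTLS` return any rows
     (the device processes SSL/TLS and so reaches the affected handler), and
  2. is the FTD release one the advisory's Fixed Releases table lists as
     vulnerable, fixed, not applicable, or not vulnerable.
The sample command output is constructed for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, shaped like the advisory's example output.
SAMPLE_OUTPUT = """\
ftd# show asp table socket | include SSL|DTLS
SSL       0005aa68  LISTEN       192.0.2.10:443        0.0.0.0:*
SSL       002d9e38  LISTEN       192.0.2.10:8443       0.0.0.0:*
DTLS      0018f7a8  LISTEN       10.0.0.250:443        0.0.0.0:*
"""

# One row of the ASP socket table: protocol, handle, state, local, foreign.
SOCKET_RE = re.compile(
    r"^(?P<proto>SSL|DTLS)\s+(?P<handle>[0-9a-f]{8})\s+(?P<state>\S+)\s+"
    r"(?P<local>\S+)\s+(?P<foreign>\S+)\s*$"
)


@dataclass(frozen=True)
class SocketRow:
    proto: str
    state: str
    local: str


def parse_asp_sockets(output: str) -> list[SocketRow]:
    """Return the SSL/DTLS rows; the echoed command and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = SOCKET_RE.match(line.strip())
        if m:
            rows.append(SocketRow(m["proto"], m["state"], m["local"]))
    return rows


def processes_tls(output: str) -> bool:
    """Advisory rule: any row from the filtered command means SSL/TLS is processed."""
    return bool(parse_asp_sockets(output))


def release_tuple(release: str) -> tuple[int, ...]:
    """'6.4.0.9' -> (6, 4, 0, 9), so releases compare numerically, not as strings."""
    return tuple(int(p) for p in release.split("."))


def release_status(release: str, hotfix_ay_installed: bool = False) -> str:
    """Classify an FTD release on the Firepower 1000 Series per the advisory's table.

    Assumptions (the table is interpreted, not quoted): 6.4.0.9 counts as fixed
    only once Hotfix AY (Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3) is installed,
    and any 6.4.0.x after 6.4.0.9 is covered by the table's "and later".
    """
    r = release_tuple(release)
    if r < (6, 4, 0):
        return "not-applicable"          # footnote 2: FP1K needs 6.4.0 or later
    if r[:3] == (6, 4, 0):
        if r < (6, 4, 0, 9):
            return "vulnerable"
        if r == (6, 4, 0, 9):
            return "fixed" if hotfix_ay_installed else "vulnerable"
        return "fixed"
    return "not-vulnerable"              # 6.5.0 and 6.6.0 rows


def triage(release: str, asp_output: str, hotfix_ay_installed: bool = False) -> dict:
    """Exposed only when the release is vulnerable AND the device processes SSL/TLS."""
    status = release_status(release, hotfix_ay_installed)
    rows = parse_asp_sockets(asp_output)
    return {
        "release_status": status,
        "tls_sockets": [f"{r.proto} {r.state} {r.local}" for r in rows],
        "exposed": status == "vulnerable" and bool(rows),
    }


if __name__ == "__main__":
    for rel, hf in (("6.4.0.8", False), ("6.4.0.9", False), ("6.4.0.9", True), ("6.5.0.4", False)):
        print(rel, "hotfix AY" if hf else "no hotfix", triage(rel, SAMPLE_OUTPUT, hf))
```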
    The following example shows the output of the show asp table socket |
    include SSL|DTLS command from a device that is vulnerable:

        ftd# show asp table socket | include SSL|DTLS
        SSL       0005aa68  LISTEN       x.x.x.x:443         0.0.0.0:*
        SSL       002d9e38  LISTEN       x.x.x.x:8443        0.0.0.0:*
        DTLS      0018f7a8  LISTEN       10.0.0.250:443      0.0.0.0:*

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

        Adaptive Security Appliance (ASA) Software
        Firepower Management Center (FMC) Software
        FTD Software running on any platform other than the Cisco Firepower
        1000 Series

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.
    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    In the following table(s), the left column lists Cisco software releases.
    The center column indicates whether a release is affected by the
    vulnerability described in this advisory and the first release that
    includes the fix for this vulnerability. The right column indicates
    whether a release is affected by any of the vulnerabilities described in
    this bundle and which release includes fixes for those vulnerabilities.
    +------------------------+----------------------------------------------------+----------------------------------------------------+
    | Cisco FTD Software     | First Fixed Release for This Vulnerability         | First Fixed Release for All Vulnerabilities        |
    | Release                |                                                    | Described in the Bundle of Advisories              |
    +------------------------+----------------------------------------------------+----------------------------------------------------+
    | Earlier than 6.1.0^1   | Not applicable^2                                   | Not applicable^2                                   |
    | 6.1.0                  | Not applicable^2                                   | Not applicable^2                                   |
    | 6.2.0                  | Not applicable^2                                   | Not applicable^2                                   |
    | 6.2.1                  | Not applicable^2                                   | Not applicable^2                                   |
    | 6.2.2                  | Not applicable^2                                   | Not applicable^2                                   |
    | 6.2.3                  | Not applicable^2                                   | Not applicable^2                                   |
    | 6.3.0                  | Not applicable^2                                   | Not applicable^2                                   |
    | 6.4.0                  | 6.4.0.9 (May 2020)                                 | 6.4.0.9 (May 2020)                                 |
    |                        | Cisco_FTD_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later | Cisco_FTD_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later |
    |                        | Cisco_FTD_SSP_FP2K_Hotfix_AY-6.4.0.9-3.sh.REL.tar  | Cisco_FTD_SSP_FP2K_Hotfix_AY-6.4.0.9-3.sh.REL.tar  |
    |                        | and later                                          | and later                                          |
    |                        | Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3.sh.REL.tar  | Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3.sh.REL.tar  |
    |                        | and later                                          | and later                                          |
    |                        | Cisco_FTD_SSP_Hotfix_AY-6.4.0.9-3.sh.REL.tar       | Cisco_FTD_SSP_Hotfix_AY-6.4.0.9-3.sh.REL.tar       |
    |                        | and later                                          | and later                                          |
    | 6.5.0                  | Not vulnerable                                     | 6.5.0.5 (future release)                           |
    |                        |                                                    | Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar and later  |
    |                        |                                                    | Cisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar   |
    |                        |                                                    | and later                                          |
    |                        |                                                    | Cisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar   |
    |                        |                                                    | and later                                          |
    |                        |                                                    | Cisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar        |
    |                        |                                                    | and later                                          |
    | 6.6.0                  | Not vulnerable                                     | Not vulnerable                                     |
    +------------------------+----------------------------------------------------+----------------------------------------------------+

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.
    2. Only Cisco FTD Software releases 6.4.0 and later support the Cisco
       Firepower 1000 Series.

    To upgrade to a fixed release of Cisco FTD Software, customers can do one
    of the following:

        For devices that are managed by using Cisco Firepower Management
        Center (FMC), use the FMC interface to install the upgrade. After
        installation is complete, reapply the access control policy.

        For devices that are managed by using Cisco Firepower Device Manager
        (FDM), use the FDM interface to install the upgrade. After
        installation is complete, reapply the access control policy.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found by Ilkin Gasimov of Cisco during internal
    security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: May 2020 Cisco ASA, FMC, and FTD Software Security
    Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-dos-4v5nmWtZ

Revision History

  o +---------+-----------------------------+----------+--------+-------------+
    | Version | Description                 | Section  | Status | Date        |
    +---------+-----------------------------+----------+--------+-------------+
    | 1.1     | Updated Hot Fixes for FTD   | Fixed    | Final  | 2020-MAY-15 |
    |         | releases 6.4.0 and 6.5.0.   | Releases |        |             |
    +---------+-----------------------------+----------+--------+-------------+
    | 1.0     | Initial public release.     | -        | Final  | 2020-MAY-06 |
    +---------+-----------------------------+----------+--------+-------------+

- --------------------------------------------------------------------------------

Cisco Firepower 2100 Series Security Appliances ARP Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-fp2100-arp-dos-kLdCK8ks
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq20910 CSCvr43476 CSCvr49833
CVE-2020-3334    CWE-399
CVSS Score:      7.4  AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the ARP packet processing of Cisco Adaptive Security
    Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
    for Cisco Firepower 2100 Series Security Appliances could allow an
    unauthenticated, adjacent attacker to cause an affected device to reload,
    resulting in a denial of service (DoS) condition on an affected device.

    The vulnerability is due to incorrect processing of ARP packets received
    by the management interface of an affected device. An attacker could
    exploit this vulnerability by sending a series of unicast ARP packets in a
    short timeframe that would reach the management interface of an affected
    device. A successful exploit could allow the attacker to consume resources
    on an affected device, which would prevent the device from sending
    internal system keepalives and eventually cause the device to reload,
    resulting in a denial of service (DoS) condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2100-arp-dos-kLdCK8ks

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Adaptive
    Security Appliance (ASA) Software releases earlier than releases
    9.10.1.37, 9.12.3, and 9.13.1.2.
    At the time of publication, this vulnerability affected Cisco Firepower
    Threat Defense (FTD) Software releases earlier than Release 6.6.0, if the
    software is running on a Cisco Firepower 2100 Series Security Appliance.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco FTD
    Software running on Cisco Adaptive Security Appliances and Cisco
    Integrated Services Routers.

    Cisco has confirmed that this vulnerability does not affect Cisco
    Firepower Management Center (FMC) Software.

Details

  o This vulnerability can only be exploited on the Cisco Firepower 2100
    Series Security Appliances management interface, and the attacker would
    need to have L2 adjacency, which greatly decreases the attack surface.
    This is why the Security Impact Rating is Medium.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco ASA Software releases 9.10.1.37, 9.12.3,
    9.13.1.2, and later contained the fix for this vulnerability.
    At the time of publication, Cisco FTD Software 6.4.0.9 (May 2020), 6.5.0.5
    (future release), 6.6.0 and later contained the fix for this
    vulnerability.^1

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

    To upgrade to a fixed release of Cisco FTD Software, customers can do one
    of the following:

        For devices that are managed by using Cisco Firepower Management
        Center (FMC), use the FMC interface to install the upgrade. After
        installation is complete, reapply the access control policy.

        For devices that are managed by using Cisco Firepower Device Manager
        (FDM), use the FDM interface to install the upgrade. After
        installation is complete, reapply the access control policy.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support
    case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2100-arp-dos-kLdCK8ks

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-fdmfo-HvPWKxDe
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvg48913
CVE-2020-3309    CWE-20
CVSS Score:      6.5  AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software
    could allow an authenticated, remote attacker to overwrite arbitrary files
    on the underlying operating system of an affected device.

    The vulnerability is due to improper input validation. An attacker could
    exploit this vulnerability by uploading a malicious file to an affected
    device. A successful exploit could allow the attacker to overwrite
    arbitrary files on, as well as modify, the underlying operating system of
    an affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdmfo-HvPWKxDe

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco FDM On-Box
    software releases earlier than Release 6.2.3.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Management Center
    (FMC) Software.

Workarounds

  o There are no workarounds that address this vulnerability.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco FDM On-Box software releases 6.2.3 and
    later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdmfo-HvPWKxDe

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-xpftd-gYDXyN8H
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvg48900
CVE-2020-3310    CWE-119
CVSS Score:      5.5  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:X/RL:X/RC:X

Summary

  o A vulnerability in the XML parser code of Cisco Firepower Device Manager
    On-Box software could allow an authenticated, remote attacker to cause an
    affected system to become unstable or reload.

    The vulnerability is due to insufficient hardening of the XML parser
    configuration. An attacker could exploit this vulnerability in multiple
    ways using a malicious file:

        An attacker with administrative privileges could upload a malicious
        XML file on the system and cause the XML code to parse the malicious
        file.

        An attacker with Clientless Secure Sockets Layer (SSL) VPN access
        could exploit this vulnerability by sending a crafted XML file.

    A successful exploit would allow the attacker to crash the XML parser
    process, which could cause system instability, memory exhaustion, and in
    some cases lead to a reload of the affected system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xpftd-gYDXyN8H

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco FDM On-Box
    software releases earlier than Release 6.2.3.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.
    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Management Center
    (FMC) Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco FDM On-Box software releases 6.2.3 and
    later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.
Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xpftd-gYDXyN8H

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-alfo-tHwFDmTE
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvh20053
CVE-2020-3307    CWE-20
CVSS Score:      5.3  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web UI of Cisco Firepower Management Center (FMC)
    Software could allow an unauthenticated, remote attacker to write
    arbitrary entries to the log file on an affected device.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by sending a crafted HTTP request to an
    affected device. A successful exploit could allow the attacker to send
    incorrect information to the system log on the affected system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alfo-tHwFDmTE

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco FMC Software
    releases earlier than Release 6.3.0.2.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.
    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD)
    Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco FMC Software releases 6.3.0.2 and later
    contained the fix for this vulnerability.^1

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy.
    This document also contains instructions for obtaining fixed software and
    receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alfo-tHwFDmTE

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-fmcxss-UT3bMx9k
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvh20060
CVE-2020-3313    CWE-79
CVSS Score:      6.5  AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web UI of Cisco Firepower Management Center (FMC)
    Software could allow an unauthenticated, remote attacker to conduct a
    cross-site scripting (XSS) attack against a user of the web-based
    management interface of the FMC Software.

    The vulnerability is due to insufficient validation of user-supplied input
    by the web-based management interface. An attacker could exploit this
    vulnerability by persuading a user of the interface to click a crafted
    link. A successful exploit could allow the attacker to execute arbitrary
    script code in the context of the interface or to access sensitive,
    browser-based information.

    Cisco has released software updates that address the vulnerability
    described in this advisory. There are no workarounds that address this
    vulnerability.
    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcxss-UT3bMx9k

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Firepower
    Management Center (FMC) releases earlier than Release 6.2.2.3.

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory. See the Details section in
    the bug ID(s) at the top of this advisory for the most complete and
    current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD)
    Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the release information in the following
    table(s) was accurate. See the Details section in the bug ID(s) at the top
    of this advisory for the most complete and current information.
    The left column lists Cisco software releases, and the right column
    indicates whether a release was affected by the vulnerability described
    in this advisory and which release included the fix for this
    vulnerability.

    Cisco FMC Software

    +-----------------------------+--------------------------------------------+
    | Cisco FMC Software Release  | First Fixed Release for This Vulnerability |
    +-----------------------------+--------------------------------------------+
    | Earlier than 6.1.0^1        | Migrate to a fixed release.                |
    | 6.1.0                       | Migrate to a fixed release.                |
    | 6.2.0                       | Migrate to a fixed release.                |
    | 6.2.1                       | Migrate to a fixed release.                |
    | 6.2.2                       | 6.2.2.3                                    |
    | 6.2.3                       | 6.2.3                                      |
    | 6.3.0                       | Not vulnerable.                            |
    | 6.4.0                       | Not vulnerable.                            |
    | 6.5.0                       | Not vulnerable.                            |
    | 6.6.0                       | Not vulnerable.                            |
    +-----------------------------+--------------------------------------------+

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcxss-UT3bMx9k

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Management Center File Overwrite Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-fmcai-z5dQObVN
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvh03970
CVE-2020-3302
CWE-20
CVSS Score:      6.8  AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web UI of Cisco Firepower Management Center (FMC)
    Software could allow an authenticated, remote attacker to overwrite files
    on the file system of an affected device.

    The vulnerability is due to insufficient input validation. An attacker
    could exploit this vulnerability by uploading a crafted file to the web UI
    on an affected device. A successful exploit could allow the attacker to
    overwrite files on the file system of the affected device.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcai-z5dQObVN

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco FMC Software
    releases earlier than Release 6.2.2.2.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD)
    Software.

Workarounds

  o There are no workarounds that address this vulnerability.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco FMC Software releases 6.2.2.2 and later
    contained the fix for this vulnerability.^1

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.
Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcai-z5dQObVN

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Management Center Open Redirect Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-fmc-webredirect-TcFgd42y
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvh03964
CVE-2020-3311
CWE-601
CVSS Score:      4.3  AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web interface of Cisco Firepower Management Center
    (FMC) Software could allow an unauthenticated, remote attacker to redirect
    a user to a malicious web page.

    The vulnerability is due to improper input validation of HTTP request
    parameters. An attacker could exploit this vulnerability by intercepting
    and modifying an HTTP request from a user. A successful exploit could
    allow the attacker to redirect the user to a specific malicious web page.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-webredirect-TcFgd42y

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco FMC Software
    releases earlier than Release 6.3.0.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.
    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD)
    Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco FMC Software releases 6.3.0 and later
    contained the fix for this vulnerability.^1

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy.
    This document also contains instructions for obtaining fixed software and
    receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-webredirect-TcFgd42y

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Management Center Static Credential Vulnerabilities

Priority:        Medium
Advisory ID:     cisco-sa-fmcua-statcred-weeCcZct
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvo08211 CSCvq50674
CVE-2020-3301 CVE-2020-3318
CWE-798
CVSS Score:      8.1  AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in Cisco Firepower Management Center (FMC)
    Software and Cisco Firepower User Agent Software could allow an attacker
    to access a sensitive part of an affected system with a high-privileged
    account.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct

Affected Products

  o Vulnerable Products

    At the time of publication, these vulnerabilities affected Cisco FMC
    Software releases earlier than Release 6.5.0 if they had a Firepower User
    Agent Software release earlier than Release 2.5.0 enabled.
    Note: This vulnerability also affected Cisco Adaptive Security Appliances
    (ASAs) that were being managed by the Adaptive Security Device Manager
    (ASDM). Customers are advised to upgrade to Cisco Firepower Services
    Release 6.5.0 or upgrade to Cisco FMC Software to manage ASAs.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Determine Whether Firepower User Agent Is Enabled

    To determine whether Cisco Firepower User Agent is enabled, do the
    following from the web UI:

    1. Choose System > Integration > Identity Sources.
    2. Check whether User Agent is selected.
    3. Confirm which IP addresses are configured to allow access to FMC.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD)
    Software.

Details

  o Two vulnerabilities in Cisco FMC Software and Cisco Firepower User Agent
    Software could allow an attacker to access a sensitive part of the system
    with a high-privileged account. Details about the vulnerabilities are as
    follows:

    Cisco Firepower Management Center Static Credential Vulnerability

    A vulnerability in Cisco FMC Software could allow an unauthenticated,
    remote attacker to access a sensitive part of an affected system with a
    high-privileged account.

    This vulnerability is due to a system account that has a default and
    static password and that is not controlled by the system administrator.
    An attacker could exploit this vulnerability by using this default account
    to connect to the affected system. A successful exploit could allow the
    attacker to obtain read and write access to user agent data. The attacker
    would gain access to a sensitive portion of the system, but the attacker
    would not have full administrative rights to control the device.
    Bug ID(s): CSCvq50674
    CVE ID: CVE-2020-3318
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 8.1
    CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

    Cisco Firepower User Agent Static Credential Vulnerability

    A vulnerability in the Cisco Firepower User Agent software could allow an
    authenticated, local attacker to access a sensitive part of an affected
    system with a high-privileged account.

    This vulnerability is due to a system account that has a default and
    static password and is not controlled by the system administrator. An
    attacker could exploit this vulnerability by using this default account
    to connect to the affected system. A successful exploit could allow the
    attacker to obtain read and write access to user agent data. The attacker
    would gain access to a sensitive portion of the system, but the attacker
    would not have full administrative rights to control the device.

    Bug ID(s): CSCvo08211
    CVE ID: CVE-2020-3301
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 7.1
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.
    Fixed Releases

    At the time of publication, Cisco FMC Software releases 6.5.0 and later
    and Firepower User Agent Software releases 2.5.0 and later contained the
    fixes for these vulnerabilities.^1 To address these vulnerabilities,
    customers must upgrade both Cisco FMC Software and Cisco Firepower User
    Agent Software.

    Note: Customers who have ASAs that are managed by ASDMs are advised to
    upgrade to Cisco Firepower Services Release 6.5.0 or upgrade to Cisco FMC
    Software.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmcua-statcred-weeCcZct

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel
IPv6 Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-ftd-dos-2-sS2h7aWe
First Published: 2020 May 6 16:00 GMT
Last Updated:    2020 May 15 13:47 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq78828
CVE-2020-3179
CWE-415
CVSS Score:      8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the generic routing encapsulation (GRE) tunnel
    decapsulation feature of Cisco Firepower Threat Defense (FTD) Software
    could allow an unauthenticated, remote attacker to cause a denial of
    service (DoS) condition on an affected device.

    The vulnerability is due to a memory handling error when GRE over IPv6
    traffic is processed. An attacker could exploit this vulnerability by
    sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload
    through an affected device. A successful exploit could allow the attacker
    to cause the device to crash, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe

    This advisory is part of the May 2020 Cisco ASA, FMC, and FTD Software
    Security Advisory Bundled Publication, which includes 12 Cisco Security
    Advisories that describe 12 vulnerabilities. For a complete list of the
    advisories and links to them, see Cisco Event Response: May 2020 Cisco
    ASA, FMC, and FTD Software Security Advisory Bundled Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco FTD Software releases 6.3.0 and 6.4.0.
    Note: GRE tunnel decapsulation in the LINA engine was introduced in Cisco
    FTD Software Release 6.3.0. This feature is enabled by default and cannot
    be disabled.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Management Center
    (FMC) Software.

Workarounds

  o There are no workarounds that address this vulnerability. However, as a
    mitigation, customers can choose to bypass decapsulation for GRE-tunneled
    flows. To bypass decapsulation, do the following from the FMC GUI:

    1. Click Policies and choose Prefilter under Access Control.
    2. Click Edit under the Prefilter Policy that is associated with the
       access policy assigned to the device.
    3. Change the GRE tunnel rule type action to Fastpath.
    4. Click Save.
    5. Click Deploy.

    Note: This configuration will bypass the detection engine for GRE-tunneled
    traffic.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.
    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    In the following table(s), the left column lists Cisco software releases.
    The center column indicates whether a release is affected by the
    vulnerability described in this advisory and the first release that
    includes the fix for this vulnerability. The right column indicates
    whether a release is affected by any of the vulnerabilities described in
    this bundle and which release includes fixes for those vulnerabilities.

    Cisco FTD Software

    +--------------+---------------------+-------------------------------------------------------------+
    | Cisco FTD    | First Fixed Release | First Fixed Release for All Vulnerabilities Described       |
    | Software     | for This            | in the Bundle of Advisories                                 |
    | Release      | Vulnerability       |                                                             |
    +--------------+---------------------+-------------------------------------------------------------+
    | Earlier than | Not applicable.     | Migrate to a fixed release.                                 |
    | 6.1.0^1      |                     |                                                             |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.1.0        | Not applicable.     | Migrate to a fixed release.                                 |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.2.0        | Not applicable.     | Migrate to a fixed release.                                 |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.2.1        | Not applicable.     | Migrate to a fixed release.                                 |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.2.2        | Not applicable.     | Migrate to a fixed release.                                 |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.2.3        | Not applicable.     | 6.2.3.16 (June 2020)                                        |
    |              |                     | Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tar                   |
    |              |                     | Cisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tar          |
    |              |                     | Cisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar               |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.3.0        | 6.3.0.5             | 6.3.0.6 (future release)                                    |
    |              |                     | Cisco_FTD_Hotfix_AO-6.3.0.6-2.sh.REL.tar                    |
    |              |                     | Cisco_FTD_SSP_FP2K_Hotfix_AO-6.3.0.6-2.sh.REL.tar           |
    |              |                     | Cisco_FTD_SSP_Hotfix_AO-6.3.0.6-2.sh.REL.tar                |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.4.0        | 6.4.0.6 and later   | 6.4.0.9 (May 2020)                                          |
    |              |                     | Cisco_FTD_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later          |
    |              |                     | Cisco_FTD_SSP_FP2K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later |
    |              |                     | Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later |
    |              |                     | Cisco_FTD_SSP_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later      |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.5.0        | Not vulnerable.     | 6.5.0.5 (future release)                                    |
    |              |                     | Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar and later           |
    |              |                     | Cisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later  |
    |              |                     | Cisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later  |
    |              |                     | Cisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar and later       |
    +--------------+---------------------+-------------------------------------------------------------+
    | 6.6.0        | Not vulnerable.     | 6.6.0                                                       |
    +--------------+---------------------+-------------------------------------------------------------+

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

    To upgrade to a fixed release of Cisco FTD Software, customers can do one
    of the following:

    For devices that are managed by using Cisco Firepower Management Center
    (FMC), use the FMC interface to install the upgrade. After installation is
    complete, reapply the access control policy.

    For devices that are managed by using Cisco Firepower Device Manager
    (FDM), use the FDM interface to install the upgrade. After installation is
    complete, reapply the access control policy.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found by Sanmith Prakash of Cisco during internal
    security testing.
Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: May 2020 Cisco ASA, FMC, and FTD Software Security
    Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-2-sS2h7aWe

Revision History

  o +---------+-----------------------------+----------+--------+-------------+
    | Version | Description                 | Section  | Status | Date        |
    +---------+-----------------------------+----------+--------+-------------+
    | 1.1     | Updated Hot Fixes for       | Fixed    | Final  | 2020-MAY-15 |
    |         | releases 6.4.0 and 6.5.0.   | Releases |        |             |
    +---------+-----------------------------+----------+--------+-------------+
    | 1.0     | Initial public release.     | -        | Final  | 2020-MAY-06 |
    +---------+-----------------------------+----------+--------+-------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software Information Disclosure Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ftd-infodis-kZxGtUJD
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq87923
CVE-2020-3312
CWE-284
CVSS Score:      5.8  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the application policy configuration of Cisco Firepower
    Threat Defense (FTD) Software could allow an unauthenticated, remote
    attacker to gain unauthorized read access to sensitive data on an affected
    device.

    The vulnerability is due to insufficient application identification. An
    attacker could exploit this vulnerability by sending crafted traffic to an
    affected device. A successful exploit could allow the attacker to gain
    unauthorized read access to sensitive data.
    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco FTD Software
    releases earlier than releases 6.2.3.15, 6.3.0.5, and 6.4.0.6.

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory. See the Details section in
    the bug ID(s) at the top of this advisory for the most complete and
    current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Adaptive
    Security Appliance (ASA) Software or Cisco Firepower Management Center
    (FMC) Software.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the release information in the following
    table(s) was accurate. See the Details section in the bug ID(s) at the
    top of this advisory for the most complete and current information.
    The left column lists Cisco software releases, and the right column
    indicates whether a release was affected by the vulnerability described
    in this advisory and which release included the fix for this
    vulnerability.

    Cisco FTD Software

    +-----------------------------+--------------------------------------------+
    | Cisco FTD Software Releases | First Fixed Release for This Vulnerability |
    +-----------------------------+--------------------------------------------+
    | Earlier than 6.1.0^1        | Migrate to a fixed release.                |
    | 6.1.0                       | Migrate to a fixed release.                |
    | 6.2.0                       | Migrate to a fixed release.                |
    | 6.2.1                       | Migrate to a fixed release.                |
    | 6.2.2                       | Migrate to a fixed release.                |
    | 6.2.3                       | 6.2.3.15                                   |
    | 6.3.0                       | 6.3.0.5                                    |
    | 6.4.0                       | 6.4.0.6                                    |
    | 6.5.0                       | Not vulnerable.                            |
    | 6.6.0                       | Not vulnerable.                            |
    +-----------------------------+--------------------------------------------+

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end
       of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

    To upgrade to a fixed release of Cisco FTD Software, customers can do one
    of the following:

    For devices that are managed by using Cisco Firepower Management Center
    (FMC), use the FMC interface to install the upgrade. After installation is
    complete, reapply the access control policy.

    For devices that are managed by using Cisco Firepower Device Manager
    (FDM), use the FDM interface to install the upgrade. After installation is
    complete, reapply the access control policy.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.
Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-infodis-kZxGtUJD

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software Management Access List Bypass
Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ftd-accesslist-bypass-5dZs5qZp
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvr13823
CVE-2020-3186
CWE-284
CVSS Score:      5.3  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the management access list configuration of Cisco
    Firepower Threat Defense (FTD) Software could allow an unauthenticated,
    remote attacker to bypass a configured management interface access list
    on an affected system.

    The vulnerability is due to the configuration of different management
    access lists, with ports allowed in one access list and denied in another.
    An attacker could exploit this vulnerability by sending crafted remote
    management traffic to the local IP address of an affected system. A
    successful exploit could allow the attacker to bypass the configured
    management access list policies, and traffic to the management interface
    would not be properly denied.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-accesslist-bypass-5dZs5qZp

Affected Products
o Vulnerable Products

At the time of publication, this vulnerability affected Cisco FTD Software code trains 6.3.0, 6.4.0, and 6.5.0. For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Management Center (FMC) Software.

Workarounds
o There are no workarounds that address this vulnerability.

Fixed Software
o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Release

At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.

Cisco FTD Software

+--------------------------+------------------------------------------+
|Cisco FTD Software Release|First Fixed Release for This Vulnerability|
+--------------------------+------------------------------------------+
|Earlier than 6.1.0^1      |Not vulnerable.                           |
|6.1.0                     |Not vulnerable.                           |
|6.2.0                     |Not vulnerable.                           |
|6.2.1                     |Not vulnerable.                           |
|6.2.2                     |Not vulnerable.                           |
|6.2.3                     |Not vulnerable.                           |
|6.3.0                     |6.3.0.6 (future release)                  |
|6.4.0                     |6.4.0.7                                   |
|6.5.0                     |6.5.0.2                                   |
|6.6.0                     |Not vulnerable.                           |
+--------------------------+------------------------------------------+

1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.

To upgrade to a fixed release of Cisco FTD Software, customers can do one of the following:

  For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.

  For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.

Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source
o This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Subscribe to Cisco Security Notifications
o Subscribe

URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-accesslist-bypass-5dZs5qZp

Revision History
o +----------+----------------------------+----------+---------+---------------+
  | Version  | Description                | Section  | Status  | Date          |
  +----------+----------------------------+----------+---------+---------------+
  | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
  +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software Management Interface Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU
First Published: 2020 May 6 16:00 GMT
Last Updated:    2020 May 15 14:56 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvo31790
CVE-2020-3188 CWE-399
CVSS Score: 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X

Summary
o A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition.

The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition.
The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU

Affected Products
o Vulnerable Products

At the time of publication, this vulnerability affected Cisco FTD Software releases earlier than Release 6.4.0.9 and Release 6.5.0.5. For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Management Center (FMC) Software.

Indicators of Compromise
o If this vulnerability is being exploited, administrators may see the following system error logging message on the console or in the logging file:

    HTTP: [mpm_worker:error] server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting

Administrators are advised to contact the Cisco Technical Assistance Center (TAC) to review the device logs to determine if this vulnerability is being exploited.

Workarounds
o There are no workarounds that address this vulnerability.

Fixed Software
o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases

At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.

Cisco FTD Software

+--------------------------+-----------------------------------------------------------+
|Cisco FTD Software Release|First Fixed Release for This Vulnerability                 |
+--------------------------+-----------------------------------------------------------+
|Earlier than 6.1.0^1      |Migrate to a fixed release.                                |
|6.1.0                     |Migrate to a fixed release.                                |
|6.2.0                     |Migrate to a fixed release.                                |
|6.2.1                     |Migrate to a fixed release.                                |
|6.2.2                     |Migrate to a fixed release.                                |
|6.2.3                     |Migrate to a fixed release.                                |
|6.3.0                     |Migrate to a fixed release.                                |
|6.4.0                     |6.4.0.9 (May 2020)                                         |
|                          |Cisco_FTD_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later         |
|                          |Cisco_FTD_SSP_FP2K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later|
|                          |Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later|
|                          |Cisco_FTD_SSP_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later     |
|6.5.0                     |6.5.0.5 (future release)                                   |
|                          |Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar and later          |
|                          |Cisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later |
|                          |Cisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later |
|                          |Cisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar and later      |
|6.6.0                     |Not vulnerable.                                            |
+--------------------------+-----------------------------------------------------------+

1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.
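The Indicators of Compromise section of this advisory gives one log line to hunt for. The Go program below is an added example, not part of the advisory and not Cisco tooling: it scans a captured log for that exact message and counts repeats, because a lone occurrence can be ordinary administrative load while the scenario the advisory describes is a sustained buildup of connections. The sample log lines, host name, syslog-style prefixes and the repeat threshold are constructed for this example; only the quoted error text comes from the advisory.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Indicator from the advisory: the Apache worker MPM serving the FTD
// management plane has hit its MaxRequestWorkers ceiling. Only the stable
// part of the message is matched; the prefix a collector adds (timestamp,
// host, process) differs between syslog relays and console captures.
var workerExhausted = regexp.MustCompile(
	`\[mpm_worker:error\] server reached MaxRequestWorkers setting`)

// Hit is one matching line with its 1-based position in the input.
type Hit struct {
	Line int
	Text string
}

// ScanForWorkerExhaustion returns every line carrying the indicator, in order.
func ScanForWorkerExhaustion(log string) []Hit {
	var hits []Hit
	sc := bufio.NewScanner(strings.NewReader(log))
	for n := 1; sc.Scan(); n++ {
		if workerExhausted.MatchString(sc.Text()) {
			hits = append(hits, Hit{Line: n, Text: sc.Text()})
		}
	}
	return hits
}

// Verdict turns a hit count into a triage label. The advisory describes a
// buildup over time, so repeats within one capture are what matter; the
// threshold is this example's assumption, not a Cisco-published value.
func Verdict(hits []Hit, threshold int) string {
	switch {
	case len(hits) == 0:
		return "clean"
	case len(hits) < threshold:
		return "review"
	default:
		return "suspicious"
	}
}

// Constructed sample: generic syslog-style prefixes around the exact message
// text quoted in the advisory. This is not a real device capture.
const sampleLog = `May 15 10:01:07 ftd-edge httpd: HTTP: [mpm_worker:error] server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
May 15 10:01:09 ftd-edge sshd: Accepted publickey for admin from 10.0.0.5 port 51522
May 15 10:03:41 ftd-edge httpd: HTTP: [mpm_worker:error] server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
May 15 10:05:12 ftd-edge httpd: HTTP: [mpm_worker:notice] graceful restart requested
May 15 10:06:55 ftd-edge httpd: HTTP: [mpm_worker:error] server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting`

func main() {
	hits := ScanForWorkerExhaustion(sampleLog)
	for _, h := range hits {
		fmt.Printf("line %d: %s\n", h.Line, h.Text)
	}
	fmt.Println("verdict:", Verdict(hits, 3))
}
```

Feed it the management-plane log export rather than the data-plane syslog: the advisory places this message on the console or in the logging file of the device itself, and the DoS it signals is confined to the management interface.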
To upgrade to a fixed release of Cisco FTD Software, customers can do one of the following:

  For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.

  For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.

Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source
o This vulnerability was found by Santosh Krishnamurthy of Cisco during internal security testing.

Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-mgmt-interface-dos-FkG4MuTU

Revision History
o +---------+-----------------------------+----------+--------+-------------+
  | Version | Description                 | Section  | Status | Date        |
  +---------+-----------------------------+----------+--------+-------------+
  | 1.1     | Updated Hot Fixes for FTD   | Fixed    | Final  | 2020-MAY-15 |
  |         | releases 6.4.0 and 6.5.0.   | Releases |        |             |
  +---------+-----------------------------+----------+--------+-------------+
  | 1.0     | Initial public release.     | -        | Final  | 2020-MAY-06 |
  +---------+-----------------------------+----------+--------+-------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-ftd-dos-N2vQZASR
First Published: 2020 May 6 16:00 GMT
Last Updated:    2020 May 15 14:47 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvo80853
CVE-2020-3255 CWE-400
CVSS Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary
o A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR

This advisory is part of the May 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 12 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: May 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
Affected Products
o Vulnerable Products

This vulnerability affects Cisco products if they are running a vulnerable release of Cisco FTD Software and are configured with an access control policy to block certain types of traffic. For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Management Center (FMC) Software.

Workarounds
o There are no workarounds that address this vulnerability.

Fixed Software
o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases

In the following table(s), the left column lists Cisco software releases. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. The right column indicates whether a release is affected by any of the vulnerabilities described in this bundle and which release includes fixes for those vulnerabilities.

Cisco FTD Software

+--------------------+-----------------------------------------------------------+-----------------------------------------------------------+
|Cisco FTD Software  |First Fixed Release for This Vulnerability                 |First Fixed Release for All Vulnerabilities                |
|Release             |                                                           |Described in the Bundle of Advisories                      |
+--------------------+-----------------------------------------------------------+-----------------------------------------------------------+
|Earlier than 6.1.0^1|Migrate to a fixed release.                                |Migrate to a fixed release.                                |
|6.1.0               |Migrate to a fixed release.                                |Migrate to a fixed release.                                |
|6.2.0               |Migrate to a fixed release.                                |Migrate to a fixed release.                                |
|6.2.1               |Migrate to a fixed release.                                |Migrate to a fixed release.                                |
|6.2.2               |Migrate to a fixed release.                                |Migrate to a fixed release.                                |
|6.2.3               |6.2.3.16 (June 2020)                                       |6.2.3.16 (June 2020)                                       |
|                    |Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tar                  |Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tar                  |
|                    |Cisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tar         |Cisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tar         |
|                    |Cisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar              |Cisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar              |
|6.3.0               |6.3.0.6 (future release)                                   |6.3.0.6 (future release)                                   |
|                    |Cisco_FTD_Hotfix_AO-6.3.0.6-2.sh.REL.tar                   |Cisco_FTD_Hotfix_AO-6.3.0.6-2.sh.REL.tar                   |
|                    |Cisco_FTD_SSP_FP2K_Hotfix_AO-6.3.0.6-2.sh.REL.tar          |Cisco_FTD_SSP_FP2K_Hotfix_AO-6.3.0.6-2.sh.REL.tar          |
|                    |Cisco_FTD_SSP_Hotfix_AO-6.3.0.6-2.sh.REL.tar               |Cisco_FTD_SSP_Hotfix_AO-6.3.0.6-2.sh.REL.tar               |
|6.4.0               |6.4.0.9 (May 2020)                                         |6.4.0.9 (May 2020)                                         |
|                    |Cisco_FTD_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later         |Cisco_FTD_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later         |
|                    |Cisco_FTD_SSP_FP2K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later|Cisco_FTD_SSP_FP2K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later|
|                    |Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later|Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later|
|                    |Cisco_FTD_SSP_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later     |Cisco_FTD_SSP_Hotfix_AY-6.4.0.9-3.sh.REL.tar and later     |
|6.5.0               |Not vulnerable.                                            |6.5.0.5 (future release)                                   |
|                    |                                                           |Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar and later          |
|                    |                                                           |Cisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later |
|                    |                                                           |Cisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar and later |
|                    |                                                           |Cisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar and later      |
|6.6.0               |Not vulnerable.                                            |6.6.0                                                      |
+--------------------+-----------------------------------------------------------+-----------------------------------------------------------+

1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.

To upgrade to a fixed release of Cisco FTD Software, customers can do one of the following:

  For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.
  For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.

Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source
o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Related to This Advisory
o Cisco Event Response: May 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-N2vQZASR

Revision History
o +---------+-----------------------------+----------+--------+-------------+
  | Version | Description                 | Section  | Status | Date        |
  +---------+-----------------------------+----------+--------+-------------+
  | 1.1     | Updated Hot Fixes for FTD   | Fixed    | Final  | 2020-MAY-15 |
  |         | releases 6.4.0 and 6.5.0.   | Releases |        |             |
  +---------+-----------------------------+----------+--------+-------------+
  | 1.0     | Initial public release.     | -        | Final  | 2020-MAY-06 |
  +---------+-----------------------------+----------+--------+-------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software SSL/TLS URL Category Bypass Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ssl-bypass-O5tGum2n
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq93669
CVE-2020-3285 CWE-693
CVSS Score: 5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary
o A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) policy with URL category functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured TLS 1.3 policy to block traffic for a specific URL.

The vulnerability is due to a logic error with Snort handling of the connection with the TLS 1.3 policy and URL category configuration. An attacker could exploit this vulnerability by sending crafted TLS 1.3 connections to an affected device. A successful exploit could allow the attacker to bypass the TLS 1.3 policy and access URLs that are outside the affected device and normally would be dropped.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-bypass-O5tGum2n

Affected Products
o Vulnerable Products

At the time of publication, this vulnerability affected Cisco FTD Software releases 6.4.0 through 6.4.0.8 with an SSL/TLS policy with URL category configured. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Management Center (FMC) Software.

Workarounds
o There are no workarounds that address this vulnerability.

Fixed Software
o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Release

At the time of publication, Cisco expected to fix this vulnerability in Cisco FTD Software Release 6.4.0.9, scheduled for May 2020.^1 Cisco FTD Software releases earlier than Release 6.4.0 are not vulnerable. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.

To upgrade to a fixed release of Cisco FTD Software, customers can do one of the following:

  For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.

  For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source
o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications
o Subscribe

URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssl-bypass-O5tGum2n

Revision History
o +----------+----------------------------+----------+---------+---------------+
  | Version  | Description                | Section  | Status  | Date          |
  +----------+----------------------------+----------+---------+---------------+
  | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
  +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software Shell Access Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ftd-shell-9rhJF68K
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvp16933
CVE-2020-3253 CWE-284
CVSS Score: 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary
o A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled.

The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password.
A successful exploit could allow the attacker to run any system command with root access on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-shell-9rhJF68K

Affected Products
o Vulnerable Products

At the time of publication, this vulnerability affected Cisco FTD Software releases earlier than Release 6.5.0. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software.

Workarounds
o There are no workarounds that address this vulnerability.

Fixed Software
o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases

At the time of publication, Cisco FTD Software releases 6.5.0 and later contained the fix for this vulnerability.^1 See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the fix for this vulnerability.

To upgrade to a fixed release of Cisco FTD Software, customers can do one of the following:

  For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.

  For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.

Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source
o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications
o Subscribe

URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-shell-9rhJF68K

Revision History
o +----------+----------------------------+----------+---------+---------------+
  | Version  | Description                | Section  | Status  | Date          |
  +----------+----------------------------+----------+---------+---------------+
  | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
  +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software Signature Verification Bypass Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-sigbypass-FcvPPCeP
First Published: 2020 May 6 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvg16015
CVE-2020-3308 CWE-347
CVSS Score: 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X

Summary
o A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device.

The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.

Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP

Affected Products
o Vulnerable Products

At the time of publication, this vulnerability affected Cisco FTD Software releases earlier than Release 6.2.2.1. For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
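The bug class this advisory describes (CWE-347: an unsigned patch image that gets past the signature check) is easy to see in miniature. The Go program below is an added example and is not Cisco's code, FTD's patch format or its actual root cause; the PatchImage structure, the throwaway Ed25519 key and the payload strings are constructed for illustration. It places a fail-open verifier, which treats a missing signature as nothing to check (consistent with the advisory's "unsigned software patch"), beside a fail-closed one that requires a well-formed, valid signature before anything is accepted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// PatchImage is a deliberately simple container: the payload to install plus
// an optional detached signature. Illustrative model only, not a real format.
type PatchImage struct {
	Payload   []byte
	Signature []byte // nil or empty when the image was never signed
}

var (
	ErrUnsigned = errors.New("patch image carries no signature")
	ErrBadSig   = errors.New("patch image signature does not verify")
)

// verifyFailOpen shows the CWE-347 pattern: an absent signature is read as
// "nothing to verify" and the image is accepted. An attacker with install
// rights never has to forge anything; omitting the signature is enough.
func verifyFailOpen(pub ed25519.PublicKey, img PatchImage) error {
	if len(img.Signature) == 0 {
		return nil // BUG: unsigned image accepted
	}
	if !ed25519.Verify(pub, img.Payload, img.Signature) {
		return ErrBadSig
	}
	return nil
}

// verifyFailClosed requires a signature of the right size and rejects on
// every other outcome, so neither an unsigned nor a tampered image is installed.
func verifyFailClosed(pub ed25519.PublicKey, img PatchImage) error {
	if len(img.Signature) != ed25519.SignatureSize {
		return ErrUnsigned
	}
	if !ed25519.Verify(pub, img.Payload, img.Signature) {
		return ErrBadSig
	}
	return nil
}

// signImage is the vendor side: sign the payload with the release key.
func signImage(priv ed25519.PrivateKey, payload []byte) PatchImage {
	return PatchImage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Outcome records which images each verifier lets through.
type Outcome struct {
	FailOpenAcceptsUnsigned   bool
	FailOpenAcceptsTampered   bool
	FailClosedAcceptsUnsigned bool
	FailClosedAcceptsGenuine  bool
	FailClosedAcceptsTampered bool
}

// Demo generates a throwaway key, builds a genuine, an unsigned and a
// tampered image (constructed inputs, not real patch data) and runs both
// verifiers over them.
func Demo() (Outcome, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	payload := []byte("constructed patch payload")
	genuine := signImage(priv, payload)
	unsigned := PatchImage{Payload: []byte("constructed malicious payload")}
	// Same signature, altered payload: must fail under any correct verifier.
	tampered := PatchImage{Payload: append([]byte("X"), payload...), Signature: genuine.Signature}

	return Outcome{
		FailOpenAcceptsUnsigned:   verifyFailOpen(pub, unsigned) == nil,
		FailOpenAcceptsTampered:   verifyFailOpen(pub, tampered) == nil,
		FailClosedAcceptsUnsigned: verifyFailClosed(pub, unsigned) == nil,
		FailClosedAcceptsGenuine:  verifyFailClosed(pub, genuine) == nil,
		FailClosedAcceptsTampered: verifyFailClosed(pub, tampered) == nil,
	}, nil
}

func main() {
	o, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The tampered case matters as much as the unsigned one: a verifier that only checks for the presence of a signature, without binding it to the payload that is actually installed, is fail-open in a different guise.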
Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has determined that this vulnerability does not affect Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Management Center (FMC) Software.

Workarounds
o There are no workarounds that address this vulnerability.

Fixed Software
o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Fixed Releases

Cisco FTD Software

At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.

+-----------------------+------------------------------------------+
|Cisco FTD Major Release|First Fixed Release for This Vulnerability|
+-----------------------+------------------------------------------+
|Earlier than 6.1.0^1   |Migrate to a fixed release.               |
+-----------------------+------------------------------------------+
|6.1.0                  |Migrate to a fixed release.               |
+-----------------------+------------------------------------------+
|6.2.0                  |Migrate to a fixed release.               |
+-----------------------+------------------------------------------+
|6.2.1                  |Migrate to a fixed release.               |
+-----------------------+------------------------------------------+
|6.2.2                  |6.2.2.1                                   |
+-----------------------+------------------------------------------+
|6.2.3                  |Not vulnerable.                           |
+-----------------------+------------------------------------------+
|6.3.0                  |Not vulnerable.                           |
+-----------------------+------------------------------------------+
|6.4.0                  |Not vulnerable.                           |
+-----------------------+------------------------------------------+
|6.5.0                  |Not vulnerable.                           |
+-----------------------+------------------------------------------+
|6.6.0                  |Not vulnerable.                           |
+-----------------------+------------------------------------------+

1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.

To upgrade to a fixed release of Cisco FTD Software, customers can do one of the following:

  For devices that are managed by using Cisco Firepower Management Center (FMC), use the FMC interface to install the upgrade. After installation is complete, reapply the access control policy.

  For devices that are managed by using Cisco Firepower Device Manager (FDM), use the FDM interface to install the upgrade. After installation is complete, reapply the access control policy.

Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source
o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Subscribe to Cisco Security Notifications

  o Subscribe

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP

Revision History

  o +----------+----------------------------+----------+---------+---------------+
    | Version  | Description                | Section  | Status  | Date          |
    +----------+----------------------------+----------+---------+---------------+
    | 1.0      | Initial public release.    | --       | Final   | 2020-MAY-06   |
    +----------+----------------------------+----------+---------+---------------+

- --------------------------------------------------------------------------------

Cisco Firepower Threat Defense Software VPN System Logging Denial of Service
Vulnerability

Priority:        High
Advisory ID:     cisco-sa-ftd-dos-Rdpe34sd8
First Published: 2020 May 6 16:00 GMT
Last Updated:    2020 May 15 14:14 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvo62077
CVE-2020-3189    CWE-400
CVSS Score:      8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the VPN System Logging functionality for Cisco
    Firepower Threat Defense (FTD) Software could allow an unauthenticated,
    remote attacker to cause a memory leak that can deplete system memory
    over time, which can cause unexpected system behaviors or device
    crashes.

    The vulnerability is due to the system memory not being properly freed
    for a VPN System Logging event generated when a VPN session is created
    or deleted. An attacker could exploit this vulnerability by repeatedly
    creating or deleting a VPN tunnel connection, which could leak a small
    amount of system memory for each logging event. A successful exploit
    could allow the attacker to cause system memory depletion, which can
    lead to a systemwide denial of service (DoS) condition. The attacker
    does not have any control of whether VPN System Logging is configured
    or not on the device, but it is enabled by default.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8

    This advisory is part of the May 2020 Cisco ASA, FMC, and FTD Software
    Security Advisory Bundled Publication, which includes 12 Cisco Security
    Advisories that describe 12 vulnerabilities. For a complete list of the
    advisories and links to them, see Cisco Event Response: May 2020 Cisco
    ASA, FMC, and FTD Software Security Advisory Bundled Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco FTD Software releases 6.2.3.12,
    6.2.3.13, 6.2.3.14, and 6.2.3.15 if VPN System Logging is configured.

    Determining if VPN System Logging Is Configured

    The administrator can check if VPN System Logging is configured on the
    Firepower Management Center (FMC) by clicking the System Status icon and
    navigating to VPN Logging Settings under Platform Settings > Syslog >
    Logging Setup. Please refer to VPN System Logs for additional
    information.

    Note: VPN System Logging is automatically enabled to be sent to the FMC
    by default whenever a device is configured with site-to-site or remote
    access VPNs.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco
    Adaptive Security Appliance (ASA) Software or Cisco Firepower Management
    Center (FMC).

Workarounds

  o Disabling the VPN System Logging feature eliminates the attack vector
    for this vulnerability and may be a suitable mitigation until affected
    devices can be upgraded.

    The administrator can disable VPN System Logging on the Firepower
    Management Center (FMC) by clicking the System Status icon and
    navigating to VPN Logging Settings under Platform Settings > Syslog >
    Logging Setup.
Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect
    support for software versions and feature sets for which they have
    purchased a license. By installing, downloading, accessing, or otherwise
    using such software upgrades, customers agree to follow the terms of the
    Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have
    a valid license, procured from Cisco directly, or through a Cisco
    authorized reseller or partner. In most cases this will be a maintenance
    upgrade to software that was previously purchased. Free security
    software updates do not entitle customers to a new software license,
    additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new
    release. If the information is not clear, customers are advised to
    contact the Cisco Technical Assistance Center (TAC) or their contracted
    maintenance providers.
    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco
    service contract and customers who make purchases through third-party
    vendors but are unsuccessful in obtaining fixed software through their
    point of sale should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be
    prepared to provide the URL of this advisory as evidence of entitlement
    to a free upgrade.

    Fixed Releases

    In the following table(s), the left column lists Cisco software
    releases. The center column indicates whether a release is affected by
    the vulnerability described in this advisory and the first release that
    includes the fix for this vulnerability. The right column indicates
    whether a release is affected by any of the vulnerabilities described in
    this bundle and which release includes fixes for those vulnerabilities.

    Cisco FTD Software

    +----------------+----------------------------------------------------+----------------------------------------------------+
    | Cisco FTD      | First Fixed Release for This Vulnerability         | First Fixed Release for All Vulnerabilities        |
    | Software       |                                                    | Described in the Bundle of Advisories              |
    | Release        |                                                    |                                                    |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | Earlier than   | Not vulnerable.                                    | Migrate to a fixed release.                        |
    | 6.1.0^1        |                                                    |                                                    |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.1.0          | Not vulnerable.                                    | Migrate to a fixed release.                        |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.2.0          | Not vulnerable.                                    | Migrate to a fixed release.                        |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.2.1          | Not vulnerable.                                    | Migrate to a fixed release.                        |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.2.2          | Not vulnerable.                                    | Migrate to a fixed release.                        |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.2.3          | 6.2.3.16 (June 2020)                               | 6.2.3.16 (June 2020)                               |
    |                | Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tar          | Cisco_FTD_Hotfix_DT-6.2.3.16-3.sh.REL.tar          |
    |                | Cisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tar | Cisco_FTD_SSP_FP2K_Hotfix_DT-6.2.3.16-3.sh.REL.tar |
    |                | Cisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar      | Cisco_FTD_SSP_Hotfix_DT-6.2.3.16-3.sh.REL.tar      |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.3.0          | Not vulnerable.                                    | 6.3.0.6 (future release)                           |
    |                |                                                    | Cisco_FTD_Hotfix_AO-6.3.0.6-2.sh.REL.tar           |
    |                |                                                    | Cisco_FTD_SSP_FP2K_Hotfix_AO-6.3.0.6-2.sh.REL.tar  |
    |                |                                                    | Cisco_FTD_SSP_Hotfix_AO-6.3.0.6-2.sh.REL.tar       |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.4.0          | Not vulnerable.                                    | 6.4.0.9 (May 2020)                                 |
    |                |                                                    | Cisco_FTD_Hotfix_AY-6.4.0.9-3.sh.REL.tar           |
    |                |                                                    | and later                                          |
    |                |                                                    | Cisco_FTD_SSP_FP2K_Hotfix_AY-6.4.0.9-3.sh.REL.tar  |
    |                |                                                    | and later                                          |
    |                |                                                    | Cisco_FTD_SSP_FP1K_Hotfix_AY-6.4.0.9-3.sh.REL.tar  |
    |                |                                                    | and later                                          |
    |                |                                                    | Cisco_FTD_SSP_Hotfix_AY-6.4.0.9-3.sh.REL.tar       |
    |                |                                                    | and later                                          |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.5.0          | Not vulnerable.                                    | 6.5.0.5 (future release)                           |
    |                |                                                    | Cisco_FTD_Hotfix_H-6.5.0.5-2.sh.REL.tar            |
    |                |                                                    | and later                                          |
    |                |                                                    | Cisco_FTD_SSP_FP1K_Hotfix_H-6.5.0.5-2.sh.REL.tar   |
    |                |                                                    | and later                                          |
    |                |                                                    | Cisco_FTD_SSP_FP2K_Hotfix_H-6.5.0.5-2.sh.REL.tar   |
    |                |                                                    | and later                                          |
    |                |                                                    | Cisco_FTD_SSP_Hotfix_H-6.5.0.5-2.sh.REL.tar        |
    |                |                                                    | and later                                          |
    +----------------+----------------------------------------------------+----------------------------------------------------+
    | 6.6.0          | Not vulnerable.                                    | 6.6.0                                              |
    +----------------+----------------------------------------------------+----------------------------------------------------+

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached
       end of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

    To upgrade to a fixed release of Cisco FTD Software, customers can do
    one of the following:

      o For devices that are managed by using Cisco Firepower Management
        Center (FMC), use the FMC interface to install the upgrade. After
        installation is complete, reapply the access control policy.

      o For devices that are managed by using Cisco Firepower Device Manager
        (FDM), use the FDM interface to install the upgrade. After
        installation is complete, reapply the access control policy.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware
    of any public announcements or malicious use of the vulnerability that
    is described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC
    support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving
    security vulnerability information from Cisco.
Related to This Advisory

  o Cisco Event Response: May 2020 Cisco ASA, FMC, and FTD Software
    Security Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-Rdpe34sd8

Revision History

  o +---------+-----------------------------+----------+--------+-------------+
    | Version | Description                 | Section  | Status | Date        |
    +---------+-----------------------------+----------+--------+-------------+
    | 1.1     | Updated Hot Fixes for FTD   | Fixed    | Final  | 2020-MAY-15 |
    |         | releases 6.4.0 and 6.5.0.   | Releases |        |             |
    +---------+-----------------------------+----------+--------+-------------+
    | 1.0     | Initial public release.     | -        | Final  | 2020-MAY-06 |
    +---------+-----------------------------+----------+--------+-------------+

- -----------------------------------------------------------------------------

Cisco Firepower 2100 Series Security Appliances ARP Denial of Service
Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-fp2100-arp-dos-kLdCK8ks
First Published: 2020 May 6 16:00 GMT
Last Updated:    2020 May 11 15:48 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq20910 CSCvr43476 CSCvr49833
CVE-2020-3334    CWE-399
CVSS Score:      7.4  AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the ARP packet processing of Cisco Adaptive Security
    Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
    Software for Cisco Firepower 2100 Series Security Appliances could allow
    an unauthenticated, adjacent attacker to cause an affected device to
    reload, resulting in a denial of service (DoS) condition on an affected
    device.

    The vulnerability is due to incorrect processing of ARP packets received
    by the management interface of an affected device. An attacker could
    exploit this vulnerability by sending a series of unicast ARP packets in
    a short timeframe that would reach the management interface of an
    affected device.
    A successful exploit could allow the attacker to consume resources on an
    affected device, which would prevent the device from sending internal
    system keepalives and eventually cause the device to reload, resulting
    in a denial of service (DoS) condition.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2100-arp-dos-kLdCK8ks

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Adaptive
    Security Appliance (ASA) Software releases earlier than releases
    9.10.1.37, 9.12.3, and 9.13.1.2, if the software is running on a Cisco
    Firepower 2100 Series Security Appliance.

    At the time of publication, this vulnerability affected Cisco Firepower
    Threat Defense (FTD) Software releases earlier than Release 6.6.0, if
    the software is running on a Cisco Firepower 2100 Series Security
    Appliance.

    See the Details section in the bug ID(s) at the top of this advisory
    for the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco FTD
    Software running on Cisco Adaptive Security Appliances and Cisco
    Integrated Services Routers.

    Cisco has confirmed that this vulnerability does not affect Cisco
    Firepower Management Center (FMC) Software.

Details

  o This vulnerability can only be exploited on the Cisco Firepower 2100
    Series Security Appliances management interface, and the attacker would
    need to have L2 adjacency, which greatly decreases the attack surface.
    This is why the Security Impact Rating is Medium.

Workarounds

  o There are no workarounds that address this vulnerability.
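    The trigger described in the Summary above, many unicast ARP frames
    reaching the management interface within a short timeframe, is a
    pattern a defender can watch for on a mirror of the management segment
    while affected appliances await the upgrade. The Go program below is an
    added example, not Cisco code: it parses constructed ARP records in an
    assumed "key=value" line format, keeps a per-source sliding window of
    unicast ARP frames seen on an interface assumed to be named "mgmt", and
    raises one alert per source that exceeds an assumed threshold of 10
    frames in any one-second window. Broadcast ARP, other interfaces and
    malformed records are ignored.

```go
package main

// Added example (not Cisco code): a rate detector for bursts of unicast
// ARP frames hitting a firewall management interface. Record format,
// interface name and threshold are assumptions; the capture is constructed.

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

type arpRecord struct {
	TS    float64 // seconds since capture start
	Iface string
	Src   string
	Dst   string
}

// parseARP reads one "ts=<s> iface=<name> src=<mac> dst=<mac> op=<...>"
// line (an assumed format) and reports ok=false for malformed lines.
func parseARP(line string) (arpRecord, bool) {
	kv := map[string]string{}
	for _, f := range strings.Fields(line) {
		parts := strings.SplitN(f, "=", 2)
		if len(parts) != 2 {
			return arpRecord{}, false
		}
		kv[parts[0]] = parts[1]
	}
	ts, err := strconv.ParseFloat(kv["ts"], 64)
	if err != nil || kv["iface"] == "" || kv["src"] == "" || kv["dst"] == "" {
		return arpRecord{}, false
	}
	return arpRecord{ts, kv["iface"], strings.ToLower(kv["src"]), strings.ToLower(kv["dst"])}, true
}

const broadcastMAC = "ff:ff:ff:ff:ff:ff"

// Alert is raised once per source MAC that exceeds maxPerWindow unicast
// ARP frames within windowSecs on the management interface.
type Alert struct {
	Src   string
	Count int
	Start float64
}

// detectARPBursts keeps a sliding window of timestamps per source and
// alerts the first time a window holds more than maxPerWindow frames.
// Broadcast ARP and frames on other interfaces are ignored.
func detectARPBursts(lines []string, mgmtIface string, windowSecs float64, maxPerWindow int) []Alert {
	var recs []arpRecord
	for _, l := range lines {
		if r, ok := parseARP(l); ok && r.Iface == mgmtIface && r.Dst != broadcastMAC {
			recs = append(recs, r)
		}
	}
	sort.SliceStable(recs, func(i, j int) bool { return recs[i].TS < recs[j].TS })

	windows := map[string][]float64{}
	alerted := map[string]bool{}
	var alerts []Alert
	for _, r := range recs {
		w := append(windows[r.Src], r.TS)
		start := 0
		for start < len(w) && r.TS-w[start] > windowSecs { // expire old entries
			start++
		}
		w = w[start:]
		windows[r.Src] = w
		if len(w) > maxPerWindow && !alerted[r.Src] {
			alerted[r.Src] = true
			alerts = append(alerts, Alert{Src: r.Src, Count: len(w), Start: w[0]})
		}
	}
	return alerts
}

// sampleCapture is constructed: one noisy source on the management
// interface, one quiet source, a broadcast ARP, data-plane traffic and
// a malformed line.
func sampleCapture() []string {
	var lines []string
	for i := 0; i < 12; i++ {
		lines = append(lines, fmt.Sprintf("ts=%.2f iface=mgmt src=02:00:00:00:00:aa dst=00:11:22:33:44:55 op=request", 1.0+float64(i)*0.05))
	}
	return append(lines,
		"ts=1.10 iface=mgmt src=02:00:00:00:00:bb dst=00:11:22:33:44:55 op=request",
		"ts=1.20 iface=mgmt src=02:00:00:00:00:bb dst=ff:ff:ff:ff:ff:ff op=request",
		"ts=1.30 iface=outside src=02:00:00:00:00:cc dst=00:11:22:33:44:55 op=request",
		"malformed line",
	)
}

func main() {
	for _, a := range detectARPBursts(sampleCapture(), "mgmt", 1.0, 10) {
		fmt.Printf("ALERT: %d unicast ARPs from %s within 1s starting t=%.2f\n", a.Count, a.Src, a.Start)
	}
}
```

    The threshold has to be tuned to the management segment's normal ARP
    rate; the point of the sliding window is that a handful of legitimate
    requests per second never accumulate, while a sustained burst from one
    source trips the alert as soon as the window fills.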
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new
    release. If the information is not clear, customers are advised to
    contact the Cisco Technical Assistance Center (TAC) or their contracted
    maintenance providers.

    Fixed Releases

    At the time of publication, Cisco ASA Software releases 9.10.1.37,
    9.12.3, 9.13.1.2, and later contained the fix for this vulnerability.

    At the time of publication, Cisco FTD Software 6.4.0.9 (May 2020),
    6.5.0.5 (future release), 6.6.0 and later contained the fix for this
    vulnerability.^1

    See the Details section in the bug ID(s) at the top of this advisory
    for the most complete and current information.

    1. Cisco FMC and FTD Software releases 6.0.1 and earlier have reached
       end of software maintenance. Customers are advised to migrate to a
       supported release that includes the fix for this vulnerability.

    To upgrade to a fixed release of Cisco FTD Software, customers can do
    one of the following:

      o For devices that are managed by using Cisco Firepower Management
        Center (FMC), use the FMC interface to install the upgrade. After
        installation is complete, reapply the access control policy.

      o For devices that are managed by using Cisco Firepower Device Manager
        (FDM), use the FDM interface to install the upgrade. After
        installation is complete, reapply the access control policy.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware
    of any public announcements or malicious use of the vulnerability that
    is described in this advisory.
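    Each of the three advisories in this section states its affected
    releases with a condition attached: a release cutoff for the signature
    verification bypass (fixed in 6.2.2.1), a VPN System Logging
    prerequisite for the memory leak (6.2.3.12 through 6.2.3.15, fixed in
    6.2.3.16), and a Firepower 2100 platform prerequisite for the ARP
    issue (earlier than 6.6.0, fixed in 6.4.0.9, 6.5.0.5 and 6.6.0). The Go
    program below is an added example, not Cisco tooling, that encodes
    those Affected Products and Fixed Releases statements and applies them
    to a constructed inventory. The Device fields Platform and
    VPNSysLogging are assumptions standing in for whatever an inventory
    system records; the CVE identifiers and version cutoffs are taken from
    the advisories above.

```go
package main

// Added example (not Cisco tooling): applies the affected/fixed-release
// statements of the three FTD advisories in this bulletin to a constructed
// inventory. Versions compare numerically per dotted component.

import (
	"fmt"
	"strconv"
	"strings"
)

type version []int

func parseVersion(s string) (version, error) {
	var v version
	for _, p := range strings.Split(strings.TrimSpace(s), ".") {
		n, err := strconv.Atoi(p)
		if err != nil {
			return nil, fmt.Errorf("bad version %q: %w", s, err)
		}
		v = append(v, n)
	}
	return v, nil
}

// less compares component-wise; missing trailing components count as 0,
// so 6.4.0 equals 6.4.0.0 and sorts before 6.4.0.9.
func (v version) less(o version) bool {
	for i := 0; i < len(v) || i < len(o); i++ {
		a, b := 0, 0
		if i < len(v) {
			a = v[i]
		}
		if i < len(o) {
			b = o[i]
		}
		if a != b {
			return a < b
		}
	}
	return false
}

// lt reports whether v is earlier than the version literal s, which in
// this file always comes from the advisory tables.
func (v version) lt(s string) bool {
	o, err := parseVersion(s)
	if err != nil {
		panic(err)
	}
	return v.less(o)
}

// Device is a constructed inventory record. Platform and VPNSysLogging are
// assumed attributes the advisories make conditions on.
type Device struct {
	Name          string
	FTDVersion    string
	Platform      string // "FP2100" marks a Firepower 2100 Series appliance
	VPNSysLogging bool   // VPN System Logging configured (default with VPNs)
}

type Finding struct {
	CVE, Action string
}

// triage returns one Finding per advisory in this section that applies.
func triage(d Device) ([]Finding, error) {
	v, err := parseVersion(d.FTDVersion)
	if err != nil {
		return nil, err
	}
	var out []Finding
	// CVE-2020-3308: releases earlier than 6.2.2.1; the 6.2.2 train is
	// fixed in 6.2.2.1, older trains must migrate to a fixed release.
	if v.lt("6.2.2.1") {
		action := "Migrate to a fixed release."
		if !v.lt("6.2.2") {
			action = "Upgrade to 6.2.2.1"
		}
		out = append(out, Finding{"CVE-2020-3308", action})
	}
	// CVE-2020-3189: 6.2.3.12 through 6.2.3.15, only with VPN System Logging.
	if d.VPNSysLogging && !v.lt("6.2.3.12") && v.lt("6.2.3.16") {
		out = append(out, Finding{"CVE-2020-3189", "Upgrade to 6.2.3.16 or its hotfix; disabling VPN System Logging mitigates until then"})
	}
	// CVE-2020-3334: Firepower 2100 only, earlier than 6.6.0; fixed in
	// 6.4.0.9, 6.5.0.5 and 6.6.0.
	if d.Platform == "FP2100" && v.lt("6.6.0") {
		switch {
		case !v.lt("6.5.0") && v.lt("6.5.0.5"):
			out = append(out, Finding{"CVE-2020-3334", "Upgrade to 6.5.0.5"})
		case !v.lt("6.4.0") && v.lt("6.4.0.9"):
			out = append(out, Finding{"CVE-2020-3334", "Upgrade to 6.4.0.9"})
		case v.lt("6.4.0"):
			out = append(out, Finding{"CVE-2020-3334", "Migrate to a fixed release (6.4.0.9, 6.5.0.5 or 6.6.0)."})
		}
	}
	return out, nil
}

func main() {
	for _, d := range []Device{ // constructed inventory
		{"fw-a", "6.2.3.14", "FP2100", true},
		{"fw-b", "6.4.0.9", "FP2100", true},
		{"fw-c", "6.2.2", "FP1000", false},
		{"fw-d", "6.5.0.3", "FP2100", false},
	} {
		findings, err := triage(d)
		fmt.Printf("%s (%s on %s): %v %v\n", d.Name, d.FTDVersion, d.Platform, findings, err)
	}
}
```

    Note that the ARP advisory's ASA fixed releases (9.10.1.37, 9.12.3,
    9.13.1.2) are not encoded; the helper covers FTD only, which is the
    software the three advisories share.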
Source

  o This vulnerability was found during the resolution of a Cisco TAC
    support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving
    security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp2100-arp-dos-kLdCK8ks

Revision History

  o +---------+---------------------------+------------+--------+-------------+
    | Version | Description               | Section    | Status | Date        |
    +---------+---------------------------+------------+--------+-------------+
    |         | Clarified that only       |            |        |             |
    | 1.1     | Firepower 2100 Series     | Vulnerable | Final  | 2020-MAY-11 |
    |         | Security Appliances are   | Products   |        |             |
    |         | affected.                 |            |        |             |
    +---------+---------------------------+------------+--------+-------------+
    | 1.0     | Initial public release.   | -          | Final  | 2020-MAY-06 |
    +---------+---------------------------+------------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXsH1JeNLKJtyKPYoAQgZzRAAml+/XtXGygsk3MZETnvJcZWL6Vn13DrO
6wfX7Fh6XQEQtTDkVxhIsCQhGfA8tjjHOkGizwvlCoHVMgGp4OeWWGrfNiCk9PYH
xyNpYdXPHnIiiP3QX3+tvSUULl79xM2pLat9g9UGh3B9xFm3wOEjP1jgUKmlM8KP
ULsVUYU3w/XP+HDv2uob0t2moA5/cWpFYvhbNWEC0DlUBJcxoFP/uuc/mqcdH+bT
tsU1+uBafGfjCdlkn9hXkYgo+SXKw3HsNJPKdUUBftg0PW+glYY3O+rh38SwicXp
kK/yxmVFRADJbxySw0cm4/GBt4vW4b5SexygUbwL5/EQbbRX5uc+qnX02S40I0Iu
SDRoQbxW3tV+BLnYmIZqd/hbbnHNXLnP/u85XNnz1JTwJ7T+VZXzNK/uaEkIuo8j
65OxwV9BzFk975n8kA/zL5yqBIqdfzThiSUPXqLb98YAFcY09sMcooRTFgB0ZRhP
XocL6+v5q5sMVy631rAcquVyp6iBYVejvl4Gkm1PZtxCpT76OtKUja1TZg19kXm9
NOAzU1kjm36m5qrQA8JG5DT2+6u/iLd3nQYH0MCINK1ib40Zg/rpuEwOm5UNXh2T
nlikH7nNJSkxiXk/I0vZhQCsZrIZBt2VdiJ+YKXs8y2u7V4MXzxwysBf3NUIsUar
aRO4W1eunPI=
=rxgt
-----END PGP SIGNATURE-----