—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Firepower Detection Engine IPv6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20171004-fpsnort

Revision: 1.0

For Public Release: 2017 October 4 16:00 GMT

Last Updated: 2017 October 4 16:00 GMT

CVE ID(s): CVE-2017-12244

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly.

The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-fpsnort”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZ1QWHZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnxFg//YrKL+b2N3uMJH5Y1
irhUd5kXgaKFXxCxBLXTdGCaFvJRuSSCAAT2y9TwjhpZAKgAJRZrAZLegLT/EKr0
MS5dQpMTFp8ThyOiqhJYKCN9WDP8ZevEZNihbo/ySjZKpNgsoph9melb7ertmfBo
tkbk0B3Q47KlqyyWg4mgjLoW5eF/bmW3pMplpoRVgm6DRmVYN5DacTmYSMJYZn/j
DKV20SOMVuKOQ8evcUdY/fPerbtSegCkz1N5u+bN+3qfyLefBo1i5t0y/EkJ678z
bKDwNcFGgCduS0rFPqBcmmgG/a1Tq4C9dzDH7/vSIsLVKsvUgBocs+xZAoc5tzn8
NEI1n/Su4pHGPrGFS+psATgenVhQjHCSg13nyBUXMyq9AEdzodre5ARzDzE6mU5a
YcHEK3q4gljXRQE8NhnhKaOZ06ZzEA0qJLgq9I8rpp7LhySFF1Jk7UlDjZskWrX9
LTT0JKFQsabmDGIx7xxWmT/POGgzE3gDR3lWnWovuzLVexRKGhsIUDlUeYQBo1ii
4WU+7GUGo6v54cRiT1rr0qIWb36ldZKHOdvDEPreFW5ldcAigRdhFGDfG+VSdgcH
nmLYYiJBlfTvZn0LyfKnhlWweg2oVPEnuDscYth3r76A/kAbZFyVL5zXWs9tcwi6
CvZO17m3vPXUbjjIu+XvQuGGE34=
=F3iZ
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com