Cisco Firepower Packet Inspection Engine HTTP Stream DoS

Severity: High. Nessus Plugin ID: 94469

Synopsis

The packet inspection software on the remote host is affected by a denial of service vulnerability.

Description

The version of Cisco Firepower System running on the remote host is affected by a denial of service vulnerability in the packet inspection engine due to improper handling of certain HTTP packet streams. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP packet stream, to cause the Snort process to restart, allowing traffic inspection to be bypassed or traffic to be dropped.

Solution

Upgrade to Cisco Firepower System version 5.4.0.7 / 5.4.1.6 / 6.0.1 / 6.1.0 or later.

See Also

http://www.nessus.org/u?d8348603

Plugin Details

Severity: High

ID: 94469

File Name: cisco-sa-20161019-fpsnort.nasl

Version: 1.8

Type: local

Family: CISCO

Published: 11/2/2016

Updated: 7/9/2018

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:firepower_management_center

Required KB Items: Host/Cisco/firepower/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/19/2016

Vulnerability Publication Date: 10/19/2016

Reference Information

CVE: CVE-2016-6439

BID: 93787

CISCO-SA: cisco-sa-20161019-fpsnort

CISCO-BUG-ID: CSCux61630