Cisco Patches Malware Detection Issue

Monday, April 4, 2016 @ 05:04 PM gHale


Cisco patched a high severity vulnerability that allows attackers to remotely bypass the malware detection and blocking feature in the Firepower System Software.

The vulnerability is the result of improper input validation of fields in HTTP headers. A remote, unauthenticated attacker can exploit the flaw to bypass malicious file detection and blocking features by sending a specially crafted HTTP request to the targeted system.

Successful exploitation of the vulnerability allows malware to pass through the system without being detected, Cisco officials said.

The issue affects various Cisco security appliances running Firepower System Software with file action policies configured.

The list of affected products includes Adaptive Security Appliance (ASA), Advanced Malware Protection (AMP), Sourcefire 3D System, FirePOWER, and Next Generation Intrusion Prevention Systems for VMware (NGIPSv) and Blue Coat X-Series (NGIPS).

Cisco patched the vulnerability in its Firepower System Software 5.4.0.7 and later, 5.4.1.6 and later, and 6.0.1 and later.

The security hole also affects Snort, the company’s open source intrusion prevention system. The issue was fixed in Snort with the release of version 2.9.8.2.
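As an added example (not Cisco's code and not part of the original article), the fixed releases listed above can be turned into an inventory check. It assumes each "and later" applies within its own release train, so 5.4.1.2 still needs an update even though it is numerically higher than 5.4.0.7; the host names and inventory are constructed.

```python
# Added example, not vendor code. Thresholds are the fixed releases named in
# the article; reading "X and later" as per release train is an assumption.
FIREPOWER_TRAIN_FIX = {(5, 4, 0): (5, 4, 0, 7), (5, 4, 1): (5, 4, 1, 6)}
FIREPOWER_FLOOR = (6, 0, 1, 0)   # 6.0.1 and anything newer
SNORT_FIX = (2, 9, 8, 2)

# Constructed sample inventory: (host, product, version). Hosts are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "firepower", "5.4.0.7"),
    ("fw-edge-02", "firepower", "5.4.1.2"),
    ("fw-core-01", "firepower", "6.0.0.1"),
    ("fw-core-02", "firepower", "6.0.1"),
    ("fw-lab-01", "firepower", "5.3.1"),
    ("ids-dmz-01", "snort", "2.9.8.0"),
    ("ids-dmz-02", "snort", "2.9.8.2"),
]


def parse_version(text):
    """'5.4.1.6' -> (5, 4, 1, 6), padded to four fields; ValueError otherwise."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def firepower_status(version):
    v = parse_version(version)
    if v >= FIREPOWER_FLOOR:
        return "fixed"
    if v[:2] == (6, 0):                      # 6.0.0.x predates the 6.0.1 fix
        return "needs_update"
    minimum = FIREPOWER_TRAIN_FIX.get(v[:3])
    if minimum is None:                      # train not named in the article
        return "unlisted"
    return "fixed" if v >= minimum else "needs_update"


def snort_status(version):
    return "fixed" if parse_version(version) >= SNORT_FIX else "needs_update"


def audit(inventory):
    """Return (host, version, status) for every entry not confirmed fixed."""
    check = {"firepower": firepower_status, "snort": snort_status}
    rows = [(h, v, check[p](v)) for h, p, v in inventory]
    return [r for r in rows if r[2] != "fixed"]


if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {version} -> {status}")
```

The check covers the version condition only; as noted above, exposure also depends on file action policies being configured, and "unlisted" trains need to be looked up in the vendor advisory.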

Cisco said it is unaware of any instances where attackers are taking advantage of the vulnerability.