The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software.
Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2gCtpxp
The vulnerability is due to out-of-order TCP segments (retransmissions out of the current window, which have already been acknowledged) not being properly processed before being passed to HTTP inspection, which for GZIP compressed streams causes GZIP decompression to fail. This results in an incorrect SHA-256 hash being calculated and potential malware not being detected. An attacker could exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specifically prepared server. An exploit could allow the attacker to bypass the malware protection provided by the FirePOWER system software.
Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2gCtpxp
Security Impact Rating: Medium
CVE: CVE-2016-9209
from Cisco Security Advisory http://ift.tt/2gCtpxp
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.