Vulnerability Name:

CVE-2018-0254 (CCN-141817)

Assigned:2017-11-27
Published:2018-04-18
Updated:2019-10-09
Summary:A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability is due to incorrect counting of the percentage of dropped traffic. An attacker could exploit this vulnerability by sending network traffic to a targeted device. An exploit could allow the attacker to bypass configured file action policies, and traffic that should be dropped could be allowed into the network. Cisco Bug IDs: CSCvf86435.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
5.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N)
5.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-693
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2018-0254

Source: BID
Type: Third Party Advisory, VDB Entry
103940

Source: CCN
Type: BID-103940
Cisco Firepower System Software CVE-2018-0254 Remote Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
cisco-fss2-cve20180254-sec-bypass(141817)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20180418-fss2
Cisco Firepower System Software Intelligent Application Bypass Vulnerability

Source: CONFIRM
Type: Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:firepower_threat_defense:6.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:firepower_threat_defense:6.2.2:*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:amp_7150:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:amp_8150:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7010:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7020:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7030:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7050:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7110:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7115:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7120:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_7125:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8120:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8130:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8140:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8250:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8260:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8270:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8290:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8350:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8360:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8370:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_appliance_8390:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_1000:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_2000:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_2500:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firepower_management_center_4500:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firesight_management_center_1500:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firesight_management_center_3500:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:firesight_management_center_750:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:ngips_virtual_appliance:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:firepower_system_software:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco firepower threat defense 6.1.0.5
    cisco firepower threat defense 6.2.0.2
    cisco firepower threat defense 6.2.1
    cisco firepower threat defense 6.2.2
    cisco amp 7150 -
    cisco amp 8150 -
    cisco firepower appliance 7010 -
    cisco firepower appliance 7020 -
    cisco firepower appliance 7030 -
    cisco firepower appliance 7050 -
    cisco firepower appliance 7110 -
    cisco firepower appliance 7115 -
    cisco firepower appliance 7120 -
    cisco firepower appliance 7125 -
    cisco firepower appliance 8120 -
    cisco firepower appliance 8130 -
    cisco firepower appliance 8140 -
    cisco firepower appliance 8250 -
    cisco firepower appliance 8260 -
    cisco firepower appliance 8270 -
    cisco firepower appliance 8290 -
    cisco firepower appliance 8350 -
    cisco firepower appliance 8360 -
    cisco firepower appliance 8370 -
    cisco firepower appliance 8390 -
    cisco firepower management center 1000 -
    cisco firepower management center 2000 -
    cisco firepower management center 2500 -
    cisco firepower management center 4000 -
    cisco firepower management center 4500 -
    cisco firesight management center 1500 -
    cisco firesight management center 3500 -
    cisco firesight management center 750 -
    cisco ngips virtual appliance -
    cisco firepower system software -