Cisco Firepower System Software CVE-2016-6368 Denial of Service Vulnerability

Description: The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. A successful exploit causes the Snort process to restart unexpectedly; while it is down, traffic is either passed without inspection (fail-open) or dropped (fail-closed), depending on how the device is configured, so the outcome is an inspection bypass or a DoS condition.
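The advisory does not say which PGM field was mishandled, so the following is an added illustration of the class of defect it names (length fields in a PGM header and option block used before they are checked against the bytes actually received), not the Cisco or Snort code and not the specific bug. It is a stand-alone C parser written for this page; the field layout follows RFC 3208, only ODATA/RDATA packets are walked, the PGM_OPT_MAX cap is an assumed defensive limit, and the sample packet is constructed, not captured.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RFC 3208 common header (16 bytes): 0 src port | 2 dst port | 4 type |
 * 5 option flags | 6 checksum | 8 global source id (6) | 14 TSDU length */
#define PGM_HDR_LEN      16
#define PGM_DATA_HDR_LEN 8     /* DATA_SQN + DATA_TRAIL that follow for ODATA/RDATA */
#define PGM_TYPE_ODATA   0x04
#define PGM_TYPE_RDATA   0x05
#define PGM_OPT_PRESENT  0x01  /* flag: an option block follows the data header */
#define PGM_OPT_LENGTH   0x00  /* type of the mandatory first option */
#define PGM_OPT_END      0x80  /* bit set in the type byte of the last option */
#define PGM_OPT_MASK     0x7f
#define PGM_OPT_MAX      64    /* assumed cap on options per packet (not from the RFC) */

enum pgm_result {
    PGM_OK = 0,
    PGM_ERR_TRUNCATED,   /* fewer bytes than the headers it claims to carry */
    PGM_ERR_UNSUPPORTED, /* packet type this example does not walk */
    PGM_ERR_OPT_FIRST,   /* first option is not a 4-byte OPT_LENGTH */
    PGM_ERR_OPT_TOTAL,   /* OPT_LENGTH total < 4, past the packet, or inconsistent */
    PGM_ERR_OPT_LEN,     /* option length < 2 (never advances) or overruns the block */
    PGM_ERR_OPT_RUNAWAY, /* no OPT_END before the block ends, or too many options */
    PGM_ERR_TSDU         /* TSDU length claims more payload than is present */
};

struct pgm_info { uint8_t type; uint16_t tsdu_len; int option_count; size_t payload_off; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Every length field is checked against the bytes really in the buffer before
 * it is used to index or advance; skipping any one of these checks is the
 * class of input-validation defect the advisory describes. */
enum pgm_result pgm_parse(const uint8_t *buf, size_t len, struct pgm_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < PGM_HDR_LEN) return PGM_ERR_TRUNCATED;
    out->type     = buf[4];
    out->tsdu_len = be16(buf + 14);
    uint8_t flags = buf[5];
    if (out->type != PGM_TYPE_ODATA && out->type != PGM_TYPE_RDATA)
        return PGM_ERR_UNSUPPORTED;
    size_t off = PGM_HDR_LEN + PGM_DATA_HDR_LEN;
    if (off > len) return PGM_ERR_TRUNCATED;

    if (flags & PGM_OPT_PRESENT) {
        if (len - off < 4) return PGM_ERR_TRUNCATED;
        if ((buf[off] & PGM_OPT_MASK) != PGM_OPT_LENGTH || buf[off + 1] != 4)
            return PGM_ERR_OPT_FIRST;
        uint16_t total = be16(buf + off + 2);          /* declared size of option block */
        if (total < 4 || total > len - off) return PGM_ERR_OPT_TOTAL;
        size_t opt_end = off + total, pos = off;
        int saw_end = 0;
        while (pos < opt_end) {
            if (++out->option_count > PGM_OPT_MAX) return PGM_ERR_OPT_RUNAWAY;
            if (opt_end - pos < 2) return PGM_ERR_OPT_LEN;
            uint8_t otype = buf[pos], olen = buf[pos + 1];
            /* olen < 2 would leave pos unchanged: a naive walker spins forever */
            if (olen < 2 || olen > opt_end - pos) return PGM_ERR_OPT_LEN;
            pos += olen;
            if (otype & PGM_OPT_END) { saw_end = 1; break; }
        }
        if (!saw_end) return PGM_ERR_OPT_RUNAWAY;
        if (pos != opt_end) return PGM_ERR_OPT_TOTAL;   /* OPT_END arrived early */
        off = opt_end;
    }
    if (out->tsdu_len > len - off) return PGM_ERR_TSDU;
    out->payload_off = off;
    return PGM_OK;
}

/* Constructed sample (not a captured packet): ODATA to port 8000 with OPT_PRESENT,
 * a 12-byte option block (OPT_LENGTH + one 8-byte option carrying OPT_END) and a
 * 5-byte payload, 41 bytes in total. */
static const uint8_t sample_odata[] = {
    0x00, 0x00, 0x1f, 0x40, 0x04, 0x01, 0x00, 0x00,  /* ports, ODATA, flags, csum */
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x00, 0x05,  /* GSI, TSDU length = 5      */
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,  /* DATA_SQN, DATA_TRAIL      */
    0x00, 0x04, 0x00, 0x0c,                          /* OPT_LENGTH, total = 12    */
    0x81, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* option 1 | OPT_END, len 8 */
    'h', 'e', 'l', 'l', 'o'
};

/* Parse a copy of the sample with one byte patched (idx past the end = no patch),
 * truncated to at most `len` bytes, and return the verdict. */
enum pgm_result parse_sample_with(size_t idx, uint8_t value, size_t len)
{
    uint8_t pkt[sizeof sample_odata];
    struct pgm_info info;
    memcpy(pkt, sample_odata, sizeof pkt);
    if (idx < sizeof pkt) pkt[idx] = value;
    if (len > sizeof pkt) len = sizeof pkt;
    return pgm_parse(pkt, len, &info);
}

struct pgm_info sample_info(void)
{
    struct pgm_info info;
    pgm_parse(sample_odata, sizeof sample_odata, &info);
    return info;
}

int main(void)
{
    printf("intact: %d  option len 0: %d  OPT_LENGTH too large: %d  truncated: %d\n",
           parse_sample_with(SIZE_MAX, 0, 41), parse_sample_with(29, 0x00, 41),
           parse_sample_with(26, 0x01, 41), parse_sample_with(SIZE_MAX, 0, 20));
    return 0;
}
```

The option-length check of at least 2 and the comparison of every declared length against the remaining bytes are the points a detection-engine decoder must get right: a zero option length or an oversized OPT_LENGTH total is exactly the kind of crafted field that turns a parser loop or copy into a crash, which in Snort means the restart the advisory describes.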

Related CVE: CVE-2016-6368

Impact: A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The following products are affected (product names are reproduced as listed in the source feed; only Firepower Management Center carries a specific version):

  • Cisco Virtual Next-Generation Intrusion Prevention System (NGIPSv)
  • Cisco Sourcefire 3D System Appliances
  • Cisco Industrial Security Appliance 3000
  • Cisco FirePOWER Threat Defense for Integrated Services Routers
  • Cisco Firepower System Software
  • Cisco FirePOWER Management Center 6.0
  • Cisco Firepower 9300 Series Security Appliances
  • Cisco FirePOWER 8000 Series Appliances
  • Cisco FirePOWER 7000 Series Appliances
  • Cisco Firepower 4100 Series Security Appliances
  • Cisco Advanced Malware Protection (AMP) for Networks 8000 Series Appli
  • Cisco Advanced Malware Protection (AMP) for Networks 7000 Series Appli
  • Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER S
  • Cisco Adaptive Security Appliance (ASA) 5500-X Series Next-Generation

Mitigation: Cisco has released software updates that address this vulnerability. Administrators should check the running Firepower or FTD software version against Cisco's advisory for CVE-2016-6368 to confirm a fixed release is installed, and should review whether the device is configured to fail open or fail closed when the Snort process restarts, since that setting decides whether a successful exploit results in uninspected traffic or an outage.
