漏洞信息详情
多款Cisco产品Firepower System Software 资源管理错误漏洞
- CNNVD编号:CNNVD-201704-1072
- 危害等级: 高危
- CVE编号: CVE-2016-6368
- 漏洞类型: 资源管理错误
- 发布时间: 2017-04-20
- 威胁类型: 远程
- 更新时间: 2017-07-14
- 厂 商: cisco
- 漏洞来源:
漏洞简介
Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services等都是美国思科(Cisco)公司的产品。Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services是一系列防火墙设备;Advanced Malware Protection (AMP) for Networks,7000 Series Appliances是一系列恶意软件防护解决方案。Cisco Firepower System Software是使用在其中的一套防火墙软件。
多款Cisco产品中的Firepower System Software的Pragmatic General Multicast (PGM)协议包的检测引擎解析中存在安全漏洞,该漏洞源于程序没有正确验证输入字段。远程攻击者可通过像检测引擎发送特制的PGM数据包利用该漏洞造成拒绝服务。以下Cisco产品受到影响:Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services;Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls;Advanced Malware Protection (AMP) for Networks,7000 Series Appliances; Advanced Malware Protection (AMP) for Networks,8000 Series Appliances;Firepower 4100 Series Security Appliances;FirePOWER 7000 Series Appliances;FirePOWER 8000 Series Appliances;Firepower 9300 Series Security Appliances;FirePOWER Threat Defense for Integrated Services Routers (ISRs);Industrial Security Appliance 3000;Sourcefire 3D System Appliances;Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz00876
参考网址
来源:CONFIRM
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
受影响实体
- Cisco Firepower_management_center:6.0.0.1
- Cisco Firepower_management_center:6.0.0
- Cisco Firepower_management_center:6.0.0.0
- Cisco Firepower_management_center:6.0.1
补丁
- Cisco Firepower System Software 资源管理错误漏洞的修复措施
评论