Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Cisco FTD Software Release 6.7.0

For Cisco FTD Software Release 6.7.0, as a workaround when the Snort 3 configuration option is enabled, an administrator may enable built-in rule Emden 129:2 in the intrusion policy and set the action to http://czechinthekitchen.com/2015/06/02/topinky-dressed-and-nude/ Drop instead of Alert.

Use the following steps to verify that the Snort 3 configuration option is enabled. For more details, see the Switching Between Snort 2 and Snort 3 section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7.

  1. Log in to the Admin Portal for the FTD deployment.
  2. Navigate to Policies > Intrusion.
  3. Look for the Snort Version line above the table. The current version is the first number in the complete version number. For example, 2.9.17-95 is a Snort 2 version.

Use the following steps to enable rule 129:2. For more details, see the Changing Intrusion Rule Actions (Snort 3) section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7.

  1. Log in to the Admin Portal for the FTD deployment.
  2. Navigate to Policies > Intrusion.
  3. Choose any system-provided policy, such as Balanced Security and Connectivity.
  4. Search for rule 129:2.
  5. Check the check box next to the rule to enable it.
  6. Choose Drop from the Action drop-down list.
  7. Add the intrusion policy to a rule in Access control policy.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-38319 : IBM SECURITY SOAR 51.0.2.0 CODE INJECTION

CVE-2024-38319 : IBM SECURITY SOAR 51.0.2.0 CODE INJECTION

Description IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script.

CVE-2024-5443 : PARISNEO LOLLMS UP TO 9.7 EXTENSIONBUILDER.BUILD_EXTENSIONN PATH TRAVERSAL

CVE-2024-5443 : PARISNEO LOLLMS UP TO 9.7 EXTENSIONBUILDER.BUILD_EXTENSIONN PATH TRAVERSAL

Description CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension`

CVE-2024-34693 : APACHE SUPERSET UP TO 3.1.2/4.0.0 MARIADB CONNECTION INFORMATION DISCLOSURE

CVE-2024-34693 : APACHE SUPERSET UP TO 3.1.2/4.0.0 MARIADB CONNECTION INFORMATION DISCLOSURE

Description Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile