Multiple Cisco Products Snort TCP Fast Open File Policy Bypass Vulnerability

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Cisco FTD Software Release 6.7.0

For Cisco FTD Software Release 6.7.0, as a workaround when the Snort 3 configuration option is enabled, an administrator may enable built-in rule 129:2 in the intrusion policy and set the action to Drop instead of Alert.

Use the following steps to verify that the Snort 3 configuration option is enabled. For more details, see the Switching Between Snort 2 and Snort 3 section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7.

  1. Log in to the Admin Portal for the FTD deployment.
  2. Navigate to Policies > Intrusion.
  3. Look for the Snort Version line above the table. The current version is the first number in the complete version number. For example, 2.9.17-95 is a Snort 2 version.

Use the following steps to enable rule 129:2. For more details, see the Changing Intrusion Rule Actions (Snort 3) section of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager, Version 6.7.

  1. Log in to the Admin Portal for the FTD deployment.
  2. Navigate to Policies > Intrusion.
  3. Choose any system-provided policy, such as Balanced Security and Connectivity.
  4. Search for rule 129:2.
  5. Check the check box next to the rule to enable it.
  6. Choose Drop from the Action drop-down list.
  7. Add the intrusion policy to a rule in Access control policy.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

Description A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

Description An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable

CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM

CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM

Description isolated-vm is a library for nodejs which gives the user access to v8’s Isolate interface. In versions 4.3.6 and