Cisco patched a high severity vulnerability that allows attackers to remotely bypass the malware detection and blocking feature in the Firepower System Software.
The vulnerability is the result of an improper input validation of fields in HTTP headers. A remote, unauthenticated attacker can exploit the flaw to bypass malicious file detection and blocking features by sending a specially crafted HTTP request to the targeted system.
Successful exploitation of the vulnerability allows malware to pass through the system without being detected, Cisco officials said.
The issue affects various Cisco security appliances running Firepower System Software with file action policies configured.
The list of affected products includes Adaptive Security Appliance (ASA), Advanced Malware Protection (AMP), Sourcefire 3D System, FirePOWER, and Next Generation Intrusion Prevention Systems for VMware (NGIPSv) and Blue Coat X-Series (NGIPS).
Cisco patched the vulnerability its Firepower System Software 18.104.22.168 and later, 22.214.171.124 and later, and 6.0.1 and later.
In addition, the security hole also affects Snort, the company’s open source intrusion prevention system. The issue ended up fixed in Snort with the release of version 126.96.36.199.
Cisco said it is unaware of any instances where attackers are taking advantage of the vulnerability.