Symptom
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file
policy that is configured for the FTP protocol with the action "Block upload with Reset".
The vulnerability is due to incorrect handling of the FTP control connection. An attacker could exploit this vulnerability by sending a crafted
FTP connection to transfer a file to the targeted device. A successful exploit could allow the attacker to bypass a configured file policy, so
that the transfer of a file via FTP is not properly blocked.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firesight-file-bypass
Conditions
Please refer to the Security Advisory.
Workaround
Please refer to the Security Advisory.
Further Problem Description
Please refer to the Security Advisory.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 5.8:
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
CVE ID CVE-2018-0383 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html