CVE-2018-0243

{"id": "CVE-2018-0243", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-04-19T20:29:00.973", "references": [{"url": "http://www.securityfocus.com/bid/103943", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-693"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) protocols if malware is detected. The vulnerability is due to incorrect detection of an SMB2 or SMB3 file based on the total file length. An attacker could exploit this vulnerability by sending a crafted SMB2 or SMB3 transfer request through the targeted device. An exploit could allow the attacker to pass SMB2 or SMB3 files that could be malware even though the device is configured to block them. This vulnerability does not exist for SMB Version 1 (SMB1) files. This vulnerability affects Cisco Firepower System Software when one or more file action policies are configured, on software releases prior to 6.2.3. Cisco Bug IDs: CSCvg68807."}, {"lang": "es", "value": "Una vulnerabilidad en el motor de detecci\u00f3n de Cisco Firepower System Software podr\u00eda permitir que un atacante remoto sin autenticar omita una pol\u00edtica de archivos que est\u00e9 configurada para anular los protocolos Server Message Block Version 2 (SMB2) y SMB Version 3 (SMB3) si se detecta malware. La vulnerabilidad se debe a la detecci\u00f3n incorrecta de un archivo SMB2 o SMB3 basado en el tama\u00f1o total del archivo. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n de transferencia de SMB2 o SMB3 manipulada al dispositivo objetivo. Un exploit podr\u00eda permitir que el atacante pase archivos SMB2 o SMB3 que podr\u00edan ser malware, incluso aunque el dispositivo est\u00e9 configurado para bloquearlos. Esta vulnerabilidad no existe para los archivos SMB Version 1 (SMB1). Esta vulnerabilidad afecta a Cisco Firepower System Software cuando una o m\u00e1s pol\u00edticas de acci\u00f3n de archivos est\u00e1n configuradas en versiones del software anteriores a la 6.2.3. Cisco Bug IDs: CSCvg68807."}], "lastModified": "2019-10-09T23:31:33.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1D6BDEA-ADBE-4FAB-ACFD-60E4CD5B0F84", "versionEndExcluding": "6.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}