Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote malicious user to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the malicious user to bypass the configured file policies and deliver a malicious payload to the protected network.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco firepower management center 2.9.14.4 |
||
cisco firepower management center 2.9.15 |
||
cisco firepower management center 2.9.16 |
||
cisco firepower threat defense |
||
cisco ios 15.2\\(7\\)e |
||
cisco ios 16.11.2 |
||
cisco ios 17.3.1 |
Switchzilla issues a whopping 30+ patches in time for the long UK weekend
Cisco has emitted a fresh round of software updates to address nearly three dozen security holes in its products. The patches, released over May 6 and 7, include 12 issues considered high-severity bugs, and another 22 classified as moderate severity. One of the holes has two CVE numbers assigned to it, so that's a total of 35 CVE-listed security vulnerabilities. Despite the absence of a critical remote code or command execution bug, the patches include a number of serious programming blunders, p...