CVE-2018-0297

A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets received out of order. An attacker could exploit this vulnerability by sending a crafted SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured SSL AC policy to block SSL traffic. Cisco Bug IDs: CSCvg09316.

A vulnerability in the detection engine of Cisco Firepower Threat Defense software could allow an unauthenticated, remote attacker to bypass a configured Secure Sockets Layer (SSL) Access Control (AC) policy to block SSL traffic. The vulnerability is due to the incorrect handling of TCP SSL packets received out of order. An attacker could exploit this vulnerability by sending a crafted SSL connection through the affected device. A successful exploit could allow the attacker to bypass a configured SSL AC policy to block SSL traffic. Cisco Bug IDs: CSCvg09316.

Una vulnerabilidad en el motor de detección del software Cisco Firepower Threat Defense podría permitir que un atacante remoto no autenticado omita una política de control de acceso (AC) Secure Sockets Layer (SSL) para bloquear el tráfico SSL. Esta vulnerabilidad se debe a la gestión incorrecta de ciertos paquetes TCP SSL recibidos fuera de orden. Un atacante podría explotar esta vulnerabilidad enviando una conexión SSL manipulada a través de un dispositivo afectado. Su explotación con éxito podría permitir que el atacante omita una política AC SSL para bloquear el tráfico SSL. Cisco Bug IDs: CSCvg09316.