CVE-2017-12300: Input Validation
First published: Thu Nov 16 2017(Updated: )
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Firewall Management Center | =2.9.9 | |
| Cisco Secure Firewall Management Center | =2.9.10 | |
| Cisco Secure Firewall Management Center | =2.9.11 | |
| Cisco Secure Firewall Management Center | =2.9.12 | |
| Cisco Firepower Management Center Software | =2.9.9 | |
| Cisco Firepower Management Center Software | =2.9.10 | |
| Cisco Firepower Management Center Software | =2.9.11 | |
| Cisco Firepower Management Center Software | =2.9.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12300?
CVE-2017-12300 has been assigned a high severity rating due to its potential to allow unauthorized access to file policies.
How do I fix CVE-2017-12300?
To fix CVE-2017-12300, update the Cisco Secure Firewall Management Center or Cisco Firepower Management Center to the latest version that addresses the vulnerability.
Which products are affected by CVE-2017-12300?
CVE-2017-12300 affects specific versions of Cisco Secure Firewall Management Center and Cisco Firepower Management Center Software.
What can an attacker do exploiting CVE-2017-12300?
An attacker exploiting CVE-2017-12300 can bypass configured file policies intended to block the SMB2 protocol.
Is authentication required to exploit CVE-2017-12300?
No, an unauthenticated remote attacker can exploit CVE-2017-12300.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco secure firewall management center
- version/cisco secure firewall management center/2.9.9
- version/cisco secure firewall management center/2.9.10
- version/cisco secure firewall management center/2.9.11
- version/cisco secure firewall management center/2.9.12
- canonical/cisco firepower management center software
- version/cisco firepower management center software/2.9.9
- version/cisco firepower management center software/2.9.10
- version/cisco firepower management center software/2.9.11
- version/cisco firepower management center software/2.9.12