PT-2017-17195 · Cisco · Cisco Firepower System+2

Published: 2017-05-03 · Updated: 2019-10-09 · CVE-2017-6625

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Firepower Threat Defense versions 6.0.0 through 6.2.2
Cisco ASA with FirePOWER Module (affected versions not specified)

Description

A vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. This is due to improper SSL policy handling when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this by sending crafted packets through a targeted system. The vulnerability affects Cisco Firepower System Software configured with the SSL policy feature.

Recommendations

For Cisco Firepower Threat Defense versions 6.0.0 through 6.2.2, update the software to a version that properly handles SSL policy to prevent the denial of service condition.

For Cisco ASA with FirePOWER Module, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2017-6625

Affected Products

Cisco ASA with FirePOWER Module
Cisco Firepower System
Cisco FTD