CVE-2017-6766

Name of the Vulnerable Software and Affected Versions Cisco Firepower System Software versions 5.4.0 through 6.2.2

Description A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The issue arises from unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this by sending a crafted SSL packet through an affected device in a valid SSL session, potentially allowing traffic to flow through the system without being inspected.

Recommendations For Cisco Firepower System Software versions 5.4.0 through 6.2.2, consider disabling the SSL Decryption and Inspection feature until a patch is available to prevent potential bypass of the SSL policy. Restrict access to the SSL configuration settings to minimize the risk of exploitation. Avoid using the Decrypt and Resign configuration settings in SSL policies until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.