CVE-2018-0244

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software versions prior to 6.2.3

Description: A vulnerability in the detection engine could allow an unauthenticated, remote attacker to bypass a configured file action policy. This occurs due to how the SMB protocol handles a large file transfer failure, where some pieces of the file are successfully transferred before the transfer fails and is reset. An attacker could exploit this by sending a crafted SMB file transfer request, potentially passing an SMB file with malware that the device is configured to block.

Recommendations: For versions prior to 6.2.3, update to version 6.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of large SMB file transfers to minimize the risk of exploitation.