PT-2018-8695 · Cisco · Cisco Firepower System

Published: 2018-04-19 · Updated: 2019-10-09 · CVE-2018-0243

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software versions prior to 6.2.3
Description: A vulnerability in the detection engine could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3) file transfers when malware is detected. The issue arises because the engine incorrectly identifies an SMB2 or SMB3 file based on the total file length. An attacker could exploit this by sending a crafted SMB2 or SMB3 transfer request, allowing SMB2 or SMB3 files that may be malware to pass even though the device is configured to block them. This issue does not affect SMB Version 1 (SMB1) files.
Recommendations: For versions prior to 6.2.3, update to version 6.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of SMB2 and SMB3 protocols until the update can be applied.

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2018-0243

Affected Products

Cisco Firepower System