PT-2019-14861 · Cisco · Snort

Published: 2019-02-21 · Updated: 2020-10-16 · CVE-2019-1691

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense Software versions prior to 6.2.3.4

Description: A vulnerability in the detection engine could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The issue is due to incomplete error handling of the SSL or TLS packet header during connection establishment. An attacker could exploit this by sending a crafted SSL or TLS packet during the connection handshake, causing the SNORT detection engine to restart and resulting in a partial DoS condition.

Recommendations: For versions prior to 6.2.3.4, update to version 6.2.3.4 or later to resolve the issue. As a temporary workaround, consider implementing additional network traffic monitoring to quickly detect and respond to potential exploitation attempts. Restrict access to the detection engine to minimize the risk of exploitation.

Tags: Fix · RCE

Weakness Enumeration: Improper Handling of Exceptional Conditions

Related Identifiers: CVE-2019-1691

Affected Products: Cisco FTD, Snort