PT-2019-3170 · Cisco · Cisco Firepower Services Software For Asa+2

Published: 2019-08-16 · Updated: 2024-11-26 · CVE-2019-1982

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Firepower Threat Defense Software (affected versions not specified)
Cisco FirePOWER Services Software for ASA (affected versions not specified)
Cisco Firepower Management Center Software (affected versions not specified)

Description

The vulnerability is due to improper handling of HTTP requests, including those communicated over a secure HTTPS connection, that contain maliciously crafted headers. A remote attacker could exploit it by sending malicious requests to an affected device, potentially bypassing filtering and delivering malicious requests to protected systems. This may allow the attacker to impact the integrity of protected information.

Recommendations

For Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software, update to a version that fixes the improper handling of HTTP requests.

As a temporary workaround, consider restricting access to the HTTP traffic filtering component until a patch is available.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

BDU:2019-03159
CVE-2019-1982

Affected Products

Cisco Firepower Services Software For Asa
Cisco Firepower Management Center
Cisco Ftd