CVE-2019-1970

Name of the Vulnerable Software and Affected Versions Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The issue is due to errors when handling specific SSL/TLS messages. An attacker could exploit this by sending crafted HTTP packets that would flow through an affected system, potentially allowing the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.