CVE ID | CVE-2016-1345 |
---|---|
Affected products | ‧Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services ‧Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances ‧Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances ‧FirePOWER 7000 Series Appliances ‧FirePOWER 8000 Series Appliances ‧FirePOWER Threat Defense for Integrated Services Routers (ISRs) ‧Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series ‧Sourcefire 3D System Appliances ‧Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware |
Solution | ‧The vendor has released security updates at the link below; apply the update that matches the version in use. https://software.cisco.com/download/navigator.html |
Date posted | 2016-03-31 |
Submitted by | TWCERT/CC |
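‧This security update fixes a vulnerability in Firepower System Software. The vulnerability is caused by insufficient validation of the HTTP transmission format by the web-based management interface, which may allow authentication to be bypassed.
‧Editor's note: An attacker could exploit this vulnerability by sending a specially crafted HTTP request to bypass the detection of malicious files and thereby achieve a specific objective.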