Security Affairs
U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Flaw in CISCO FirePower Firewall allows malware evade detection

A flaw in the family of CISCO FirePower Firewall devices allows malware to bypass detection mechanism. Cisco is releasing security updates to fix a critical vulnerability (CVE-2016-1345) that affects one of its newest products, the FirePower firewall. The flaw has been discovered by security researchers at Check Point Security. According to the security advisory published by […]

Flaw in CISCO FirePower Firewall allows malware evade detection

A flaw in the family of CISCO FirePower Firewall devices allows malware to bypass detection mechanism.

Cisco is releasing security updates to fix a critical vulnerability (CVE-2016-1345) that affects one of its newest products, the FirePower firewall. The flaw has been discovered by security researchers at Check Point Security.

According to the security advisory published by Cisco, an attacker can remotely exploit the flaw to allow malware bypass detection measured implemented by the FirePower firewall.

“A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system.” states the advisory.

The vulnerability is related the improper input validation of fields in HTTP headers. The attacker can remotely exploit the flaw by sending a specifically crafted HTTP request to a vulnerable system.

“A successful exploit could allow the attacker to bypass malicious file detection or blocking policies that are configured for the system, which could allow malware to pass through the system undetected.” continues the advisory.

Cisco FirePower firewall

Cisco ranked the vulnerability as “high severity” so it has promptly released the security updates that solve the issue in Cisco Firepower System Software 5.4.0.7 and later, 5.4.1.6 and later and 6.0.1 and later.

Cisco confirmed that systems Cisco Firepower System Software that has one or more file action policies configured and is running on any of the following Cisco products are vulnerable:

  • Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
  • Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
  • Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
  • FirePOWER 7000 Series Appliances
  • FirePOWER 8000 Series Appliances
  • FirePOWER Threat Defense for Integrated… 

At the time I was writing there isn’t no news regarding systems compromised by exploiting the vulnerability. Impacted Cisco hardware

A simple way to discover if a system is affected by the vulnerability is to check Cisco configurations (Policies>Access Control>Malware and File), if the policy is set on “Block Files, Block Malware, or Detect Files” the system is vulnerable.

The vulnerability also impacts the versions 2.9.8.2 and later of the Snort open source network-based intrusion detection system, users can download the updates on its official website.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cisco FirePower firewall, hacking)