Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected system. The vulnerability is due to unexpected interaction with Known Key and Decrypt and Resign configuration settings of SSL policies when the affected software receives unexpected SSL packet headers. An attacker could exploit this vulnerability by sending a crafted SSL packet through an affected device in a valid SSL session. A successful exploit could allow the attacker to bypass the SSL decryption and inspection policy for the affected system, which could allow traffic to flow through the system without being inspected. Cisco Bug IDs: CSCve12652.
CVSS Information
N/A
Vulnerability Type
加密问题
Vulnerability Title
Cisco Firepower System Software 安全漏洞
Vulnerability Description
Cisco Firepower System Software是美国思科(Cisco)公司的一款下一代防火墙产品(NGFW)。 Cisco Firepower System Software中的Secure Sockets Layer (SSL) Decryption and Inspection功能存在安全漏洞。远程攻击者可通过发送特制SSL数据包利用该漏洞绕过SSL加密和检测策略。
CVSS Information
N/A
Vulnerability Type
N/A