BugZero | Cisco BugID CSCvi93955 - Security Header Not Detected

Cisco - Defect ID: CSCvi93955

Security Header Not Detected - CWE-693: Protection Mechanism Failure

Cisco - Defect ID: CSCvi93955

Security Header Not Detected - CWE-693: Protection Mechanism Failure

Last updated on 3/22/2023

Overall: 6.36.3

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 6.96.9

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.36.3

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 6.96.9

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

HTTP Security Header scan of FMC and Firepower Gui may return the following result. [+] There are 1 security headers [*] Header X-Frame-Options is present! (Value: SAMEORIGIN) [-] There are not 7 security headers [!] Missing security header: X-XSS-Protection [!] Missing security header: Content-Security-Policy [!] Missing security header: X-Content-Type-Options [!] Missing security header: Referrer-Policy [!] Missing security header: Strict-Transport-Security [!] Missing security header: Public-Key-Pins [!] Missing security header: X-Permitted-Cross-Domain-Policies ------------------------------------------------------- On FDM the following headers may report as missing. [+] There are 4 security headers [*] Header X-Content-Type-Options is present! (Value: nosniff) [*] Header X-XSS-Protection is present! (Value: 1; mode=block) [*] Header X-Frame-Options is present! (Value: SAMEORIGIN) [*] Header Strict-Transport-Security is present! (Value: max-age=31536000 ; includeSubDomains) [-] There are not 4 security headers [!] Missing security header: Content-Security-Policy [!] Missing security header: Referrer-Policy [!] Missing security header: Public-Key-Pins [!] Missing security header: X-Permitted-Cross-Domain-Policies

Conditions

FirePOWER SW version 6.1 - 6.2.3

Workaround

None

Further Problem Description

https://cwe.mitre.org/data/definitions/693.html https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvi93955

Security Header Not Detected - CWE-693: Protection Mechanism Failure

Cisco - Defect ID: CSCvi93955

Security Header Not Detected - CWE-693: Protection Mechanism Failure

Last updated on 3/22/2023

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?