...
This is a modification of the product to adopt new secure-coding best practices and enhance the security posture and resiliency of the Firepower System Software. This defect tracks several Product Security Baseline (PSB) findings as they relate to the Captive Portal, which by default listens on TCP port 885:

* HTTP TRACE / TRACK Methods Allowed
* SSL Medium Strength Cipher Suites Supported (SWEET32), CVE-2016-2183, port 885, severity medium
* TLS Version 1.1 Protocol Deprecated
Applies to the Captive Portal, which by default listens on TCP port 885.
This workaround was written against 7.3; older versions should behave the same.

1. Save a copy of "/ngfw/var/sf/idhttpsd/conf/idhttpsd.conf" so that you can revert if there is any issue.
2. Stop idhttpsd with "pmtool disablebyid idhttpsd".
3. Download the "idhttpsd.conf" file from the enclosure and diff it against the existing idhttpsd.conf. Only the following lines should differ:

+ TraceEnable Off
- SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5
+ SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA

4. Copy the downloaded file into the "/ngfw/var/sf/idhttpsd/conf/" directory, replacing the existing one.
5. Start idhttpsd with "pmtool enablebyid idhttpsd".

If you delete the identity policy, or remove the captive portal from the rules and add it back, you need to redo these steps, because the FMC may rewrite the file.
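Review bot: the replacement "+ SSLCipherSuite" line clears the SWEET32 finding (no DES-CBC3 or RC4 suites remain) but still ends with static-RSA and DSS CBC/SHA-1 suites (AES256-SHA, AES128-SHA, DHE-DSS-AES256-SHA, DHE-DSS-AES128-SHA), so a scanner profile that flags non-forward-secret or SHA-1 suites will still report port 885. Either state that those suites are kept on purpose for client compatibility, or trim the list to the EECDH/EDH entries once captive-portal clients are confirmed to negotiate them. The "+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" form is subtractive, so any TLS version the library adds later is enabled automatically; that is the intent here but worth noting next to the diff.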
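The following is an added example (not Cisco's code and not part of this defect) that turns steps 1 to 5 into something checkable: it audits an idhttpsd.conf for the three findings (TRACE enabled, TLS 1.0/1.1 negotiable, 3DES/RC4 offered) and writes a hardened copy carrying exactly the directive values from the diff above. The conf path, the directive names and the pmtool commands come from the workaround; the function names, the sample config, the backup location and the --demo switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Cisco code. Directive names, conf path and pmtool
# commands are from the workaround; helper names and the sample config
# are assumptions for offline illustration.
set -u

# Replacement values copied from the "+" lines of the workaround diff.
HARDENED_PROTO='SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1'
HARDENED_CIPHERS='SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA'

# active_directive FILE NAME: value of the last uncommented NAME directive
# (Apache style: name, whitespace, value); prints nothing if absent.
active_directive() {
    awk -v name="$2" '
        $1 == name {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            val = line
        }
        END { print val }' "$1"
}

# proto_allows_old_tls VALUE: true (0) if this SSLProtocol value still lets
# TLS 1.0 or 1.1 be negotiated. Handles the subtractive "all -X" form used in
# idhttpsd.conf and the additive "TLSv1.2 ..." form; unset means mod_ssl's
# default of "all", which allows both.
proto_allows_old_tls() {
    case " $1 " in
        "  ") return 0 ;;
        *" all "*|*" +all "*)
            case " $1 " in *" -TLSv1 "*) ;; *) return 0 ;; esac
            case " $1 " in *" -TLSv1.1 "*) return 1 ;; *) return 0 ;; esac ;;
        *" TLSv1 "*|*" +TLSv1 "*|*" TLSv1.1 "*|*" +TLSv1.1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_idhttpsd_conf FILE: print one line per finding; status 0 only when
# all three are remediated.
audit_idhttpsd_conf() {
    f="$1"; fails=0
    trace=$(active_directive "$f" TraceEnable)
    if [ "$trace" = "Off" ]; then
        echo "ok:   TraceEnable Off"
    else
        echo "FAIL: HTTP TRACE/TRACK allowed (TraceEnable is '${trace:-unset; httpd defaults to On}')"
        fails=$((fails + 1))
    fi
    proto=$(active_directive "$f" SSLProtocol)
    if proto_allows_old_tls "$proto"; then
        echo "FAIL: TLS 1.0/1.1 still negotiable (SSLProtocol '$proto')"
        fails=$((fails + 1))
    else
        echo "ok:   SSLProtocol excludes TLSv1 and TLSv1.1"
    fi
    ciphers=$(active_directive "$f" SSLCipherSuite)
    # SWEET32 is the 64-bit block of 3DES (DES-CBC3-*); RC4 suites are retired too.
    case ":$ciphers:" in
        "::")             echo "FAIL: SSLCipherSuite unset (library default may offer 3DES)"; fails=$((fails + 1)) ;;
        *DES-CBC3*|*RC4*) echo "FAIL: 3DES/RC4 suites still offered ($ciphers)"; fails=$((fails + 1)) ;;
        *)                echo "ok:   no 3DES or RC4 suites in SSLCipherSuite" ;;
    esac
    [ "$fails" -eq 0 ]
}

# harden_idhttpsd_conf IN OUT: copy IN to OUT with the three directives set to
# the workaround values; TraceEnable Off is appended when IN has none.
harden_idhttpsd_conf() {
    awk -v proto="$HARDENED_PROTO" -v ciphers="$HARDENED_CIPHERS" '
        $1 == "TraceEnable"    { print "TraceEnable Off"; seen = 1; next }
        $1 == "SSLProtocol"    { print proto; next }
        $1 == "SSLCipherSuite" { print ciphers; next }
        { print }
        END { if (!seen) print "TraceEnable Off" }' "$1" > "$2"
}

# write_sample_conf FILE: constructed stand-in for a pre-workaround
# idhttpsd.conf (the "-" lines of the diff plus filler); not a real file.
write_sample_conf() {
    cat > "$1" <<'EOF'
Listen 885
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5
EOF
}

# On the sensor the workaround becomes (assumed invocation, backup path is an example):
#   cp /ngfw/var/sf/idhttpsd/conf/idhttpsd.conf /root/idhttpsd.conf.bak
#   pmtool disablebyid idhttpsd
#   harden_idhttpsd_conf /root/idhttpsd.conf.bak /ngfw/var/sf/idhttpsd/conf/idhttpsd.conf
#   audit_idhttpsd_conf /ngfw/var/sf/idhttpsd/conf/idhttpsd.conf && pmtool enablebyid idhttpsd
# Offline demo against the constructed sample: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    write_sample_conf "$d/before.conf"
    echo "== before"; audit_idhttpsd_conf "$d/before.conf" || true
    harden_idhttpsd_conf "$d/before.conf" "$d/after.conf"
    echo "== after";  audit_idhttpsd_conf "$d/after.conf" || true
    rm -rf "$d"
fi
```

Run the audit again after any identity-policy change, since the FMC may push the original file back; the audit is a faster tell than re-running a scanner against port 885.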
None
The Cisco PSIRT has evaluated this issue, and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html