====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN116
_____________________________________________________________________

DATE                : 20/04/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Firepower Detection Engine.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
____________________________________________________________________

Cisco Security Advisory: Cisco Firepower Detection Engine Pragmatic
General Multicast Protocol Decoding Denial of Service Vulnerability

Advisory ID: cisco-sa-20170419-fpsnort

Revision: 1.0

For Public Release: 2017 April 19 16:00 GMT

Last Updated: 2017 April 19 16:00 GMT

CVE ID(s): CVE-2016-6368

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the detection engine parsing of Pragmatic General
Multicast (PGM) protocol packets for Cisco Firepower System Software
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition due to the Snort process unexpectedly
restarting.

The vulnerability is due to improper input validation of the fields in
the PGM protocol packet. An attacker could exploit this vulnerability
by sending a crafted PGM packet to the detection engine on the targeted
device. An exploit could allow the attacker to cause a DoS condition if
the Snort process restarts and traffic inspection is bypassed or
traffic is dropped.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================