Vulnerability found in Cisco's FirePower firewall

Security researchers at Check Point Security found a critical vulnerability while testing a new Cisco product. The product is the FirePower firewall, the newest product launched by Cisco. Check Point Security is a well-known security company headquartered in Israel.

The vulnerability allowed hackers to remotely bypass the firewall's malware detection system. It is like fooling a security guard to get into a house and steal all the money and valuables. The vulnerability has been registered as CVE-2016-1345. Cisco has also released an update to patch this security flaw.

How can hackers exploit this vulnerability?

Hackers can remotely exploit this vulnerability to plant malware in the network. In simple terms, there is a problem in the FirePower firewall's HTTP header input field. Hackers can exploit it by crafting a special HTTP request suited to the malware they want to inject into the network, which fools the firewall's malware detection system. Once the malware detection system has been blocked by the hackers, the firewall is just a steel box. By getting into the firewall's settings, hackers can change all the policies set by the network engineer and set them to suit the malware.

Cisco's response

Cisco has released a security update to fix this flaw. Because it is a major vulnerability, it has been placed on the list of "High Risk" vulnerabilities. Cisco will release the update in three steps: first version 5.4.0.7, then 5.4.1.6, and finally 6.0.1. Version 6.0.1 will contain the complete fix for this vulnerability in the FirePower firewall. Cisco has also published a list of suspicious services to warn users of the FirePower firewall. If a network engineer finds any of the following running on the network, the firewall has to be updated.

1. FirePower 8000 Series products

2. AMP (Advanced Malware Protection) for Networks, 8000 Series products

3. ASA (Adaptive Security Appliance) 5500-X Series with FirePower Services

4. FirePower 8000 Series products

5. AMP (Advanced Malware Protection) for Networks, 7000 Series products

There is another way to check for this vulnerability: users can inspect the firewall's settings. Go into the firewall's policies, then Access Control, and then Malware and File. If the rules are set to Block Malware, Detect Files and Block Files, then the network is vulnerable.
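
The check above can be combined with the fixed versions listed earlier to triage a fleet. The following is an added example, not Cisco's or the article's code; the inventory format, device names and the rule that each fixed release covers only its own release train are assumptions.

```python
# Added example: triage a device inventory against the fixed releases and
# file-policy actions named in the article (CVE-2016-1345).
FIXED = {(5, 4, 0): (5, 4, 0, 7), (5, 4, 1): (5, 4, 1, 6), (6, 0): (6, 0, 1)}
# Assumption: a fixed release applies only to versions on the same train.
EXPOSED_ACTIONS = {"block malware", "detect files", "block files"}

INVENTORY = [  # constructed sample rows, not real devices
    {"name": "fw-edge-1", "version": "5.4.0.6", "file_policy_actions": ["Block Malware"]},
    {"name": "fw-edge-2", "version": "5.4.1.6", "file_policy_actions": ["Block Files"]},
    {"name": "fw-lab-1", "version": "6.0.0.1", "file_policy_actions": []},
    {"name": "fw-old-1", "version": "5.3.1", "file_policy_actions": ["Detect Files"]},
]

def parse_version(text):
    """'5.4.0.6' -> (5, 4, 0, 6); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def fixed_release_for(version):
    """Return the fixed release for this version's train, or None if none is listed."""
    for train, fixed in FIXED.items():
        if version[:len(train)] == train:
            return fixed
    return None

def triage(device):
    """Classify one inventory row as 'patched', 'exposed', 'update' or 'review'."""
    try:
        version = parse_version(device["version"])
    except ValueError:
        return "review"  # version string could not be parsed
    fixed = fixed_release_for(version)
    if fixed is None:
        return "review"  # release train not mentioned in the article
    if version >= fixed:
        return "patched"
    actions = {a.lower() for a in device.get("file_policy_actions", [])}
    # Assumption: any one of the three named actions counts as relying on file inspection.
    return "exposed" if actions & EXPOSED_ACTIONS else "update"

def report(inventory):
    """Map each device name to its triage status."""
    return {device["name"]: triage(device) for device in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```

Devices marked "review" run a release the article gives no fixed version for, so they need a manual check against the vendor advisory.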