Cisco Multiple Products Security Bypass Vulnerability (CVE-2019-1695)

Release date: 2019-06-06
Updated: 2019-06-06

Affected systems:
Cisco Firepower Threat Defense Software 6.3
Cisco Firepower Threat Defense Software 6.2.3
Cisco Firepower Threat Defense Software 6.2.2
Cisco Firepower Threat Defense Software 6.2.1
Cisco Firepower 9000 Series
Cisco Firepower 2100 Series
Cisco Adaptive Security Appliance (ASA) Software
Unaffected systems:
Cisco Firepower Threat Defense Software 6.3.0.3
Cisco Firepower Threat Defense Software 6.2.3.12
Cisco Adaptive Security Appliance (ASA) Software 9.9.2.50
Cisco Adaptive Security Appliance (ASA) Software 9.8.4
Cisco Adaptive Security Appliance (ASA) Software 9.10.1.17
Description:
BUGTRAQ ID: 108173
CVE(CAN) ID: CVE-2019-1695

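A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame that is successfully delivered causes the target device to generate a specific syslog entry.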

<*Source: Cisco

  Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypa
*>

Recommendation:
Vendor patch:

Cisco
-----
Cisco has released a security advisory (cisco-sa-20190501-asa-ftd-bypass) and corresponding patches for this issue:
cisco-sa-20190501-asa-ftd-bypass: Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypa

Patch download:

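This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.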