A security weakness in the file filtering functionality of Cisco Web Security Appliance's Advanced Malware Protection (AMP) feature could allow an unauthenticated remote attacker to bypass configured AMP file filtering rules.
Understanding CVE-2017-12303
What is CVE-2017-12303?
This CVE identifies a vulnerability in Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) that could be exploited by an unauthenticated remote attacker to bypass AMP file filtering rules.
The Impact of CVE-2017-12303
The vulnerability affects zipped or archived file types due to discrepancies in file hash values during AMP scans. Successful exploitation could enable attackers to bypass configured AMP file filtering rules.
Technical Details of CVE-2017-12303
Vulnerability Description
The vulnerability lies in the AMP file filtering feature of Cisco AsyncOS Software for Cisco WSA. An attacker can bypass filtering rules by sending crafted email file attachments.
Affected Systems and Versions
Exploitation Mechanism
Attackers exploit the discrepancy in file hash values by sending specially crafted email file attachments through the targeted device.
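The hash discrepancy for archived files described above, shown in general form as an added example (not code from Cisco or from this page, and not a description of AsyncOS internals): two archives holding the same bytes hash differently as containers, so a rule keyed on one SHA-256 only matches reliably when archive members are hashed as well. The payload, file names, blocklist and the depth and size limits are constructed assumptions.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 3                        # assumed nesting limit for this example
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed limit on a member's declared size

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_zip(name: str, payload: bytes, date_time, method) -> bytes:
    """Build an in-memory zip with one member (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(name, date_time=date_time)
        info.compress_type = method
        zf.writestr(info, payload)
    return buf.getvalue()

def all_hashes(data: bytes, depth: int = 0) -> set:
    """SHA-256 of the blob itself plus every zip member, recursively."""
    hashes = {sha256(data)}
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hashes  # not an archive, or nesting limit reached
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                # Fail closed: the caller should treat this as unscannable.
                raise ValueError("member exceeds size limit: " + info.filename)
            hashes |= all_hashes(zf.read(info), depth + 1)
    return hashes

def container_only_match(data: bytes, blocklist: set) -> bool:
    """Rule that looks only at the hash of the file as delivered."""
    return sha256(data) in blocklist

def member_aware_match(data: bytes, blocklist: set) -> bool:
    """Rule that also checks the hash of each archived member."""
    return bool(all_hashes(data) & blocklist)

# Constructed sample data: harmless text standing in for a blocked file.
PAYLOAD = b"constructed sample content standing in for a blocked file\n"
BLOCKLIST = {sha256(PAYLOAD)}
ZIP_A = make_zip("sample.bin", PAYLOAD, (2017, 11, 1, 0, 0, 0), zipfile.ZIP_STORED)
ZIP_B = make_zip("sample.bin", PAYLOAD, (2017, 11, 2, 0, 0, 0), zipfile.ZIP_DEFLATED)
NESTED = make_zip("inner.zip", ZIP_A, (2017, 11, 3, 0, 0, 0), zipfile.ZIP_STORED)
```

Encrypted or malformed archives make `zipfile` raise; a filter built on this check should treat those as unscannable rather than as clean.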
Mitigation and Prevention
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates