
Cisco Firepower Threat Defense Software Generic Routing Encapsulation Denial of Service Vulnerability [CVE-2022-20946]

CVE number – CVE-2022-20946

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition.
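To make the decapsulation failure mode concrete from the defender's side, here is an added example (not Cisco's code and not the FTD LINA implementation, whose internals this advisory does not describe) of a GRE header parser that derives the full header length from the flag bits before touching any optional field, so a truncated or mis-flagged packet is rejected instead of being read past the end of the buffer. The sample packets are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# GRE header (RFC 2784 / RFC 2890): 2 bytes flags+version, 2 bytes protocol type,
# then optional checksum+reserved1 (C), key (K) and sequence number (S), 4 bytes each.
GRE_FLAG_C = 0x8000
GRE_FLAG_K = 0x2000
GRE_FLAG_S = 0x1000


@dataclass
class GreHeader:
    protocol: int
    checksum: Optional[int]
    key: Optional[int]
    sequence: Optional[int]
    header_len: int  # offset at which the encapsulated payload begins


class GreParseError(ValueError):
    """Raised for any header that cannot be decapsulated safely."""


def parse_gre(packet: bytes) -> GreHeader:
    if len(packet) < 4:
        raise GreParseError("GRE header truncated: need at least 4 bytes")
    flags_ver, proto = struct.unpack("!HH", packet[:4])
    if flags_ver & 0x0007:  # RFC 2784 GRE is version 0 only
        raise GreParseError(f"unsupported GRE version {flags_ver & 0x7}")
    # Bounds check first: compute the length the flags claim, then compare to what we hold.
    need = 4 + sum(4 for f in (GRE_FLAG_C, GRE_FLAG_K, GRE_FLAG_S) if flags_ver & f)
    if len(packet) < need:
        raise GreParseError(f"GRE header truncated: flags require {need} bytes, got {len(packet)}")
    off, checksum, key, sequence = 4, None, None, None
    if flags_ver & GRE_FLAG_C:
        checksum = struct.unpack("!H", packet[off:off + 2])[0]; off += 4
    if flags_ver & GRE_FLAG_K:
        key = struct.unpack("!I", packet[off:off + 4])[0]; off += 4
    if flags_ver & GRE_FLAG_S:
        sequence = struct.unpack("!I", packet[off:off + 4])[0]; off += 4
    return GreHeader(proto, checksum, key, sequence, off)


def gre_payload(packet: bytes) -> bytes:
    return packet[parse_gre(packet).header_len:]


def is_well_formed(packet: bytes) -> bool:
    try:
        parse_gre(packet)
        return True
    except GreParseError:
        return False


# Constructed samples: K+S flags, IPv4 inner protocol, key 42, sequence 1, then a payload;
# and a header whose K flag promises a key that is not actually present.
SAMPLE_OK = bytes.fromhex("30000800") + (42).to_bytes(4, "big") + (1).to_bytes(4, "big") + b"payload"
SAMPLE_TRUNCATED = bytes.fromhex("20000800")
```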

Vulnerable Products

This vulnerability affects Cisco FTD Software releases 6.3.0 and later.

Note: GRE tunnel decapsulation in the LINA engine was introduced in Cisco FTD Software Release 6.3.0. This feature is enabled by default and cannot be disabled.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Workarounds

  • There are no workarounds that address this vulnerability. However, administrators may choose to bypass decapsulation for GRE-tunneled flows by following these steps from the Cisco FMC GUI:
    1. Click Policies and choose Prefilter under Access Control.
    2. Click Edit under the Prefilter Policy that is associated with the access policy assigned to the device.
    3. Change the GRE tunnel rule type action to Fastpath.
    4. Click Save.
    5. Click Deploy.
    Note: This configuration will bypass the detection engine for GRE-tunneled traffic. While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

  • Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
