Test ID:	1.3.6.1.4.1.25623.1.0.106719
Category:	CISCO
Title:	Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
Summary:	A vulnerability in the detection engine reassembly of Secure Sockets Layer; (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a; denial of service (DoS) condition because the Snort process consumes a high level of CPU resources.
Description:	Summary: A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Vulnerability Insight: The vulnerability is due to improper handling of an SSL packet stream. An attacker could exploit this vulnerability by sending a crafted SSL packet stream to the detection engine on the targeted device. Vulnerability Impact: An exploit could allow the attacker to cause a DoS condition because the Snort process consumes a high level of CPU resources. The device must be manually reloaded to recover from this condition. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3885 BugTraq ID: 97451 http://www.securityfocus.com/bid/97451
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.