FTD 4120 Vulnerability

ChristopherO
Level 1

Hello!

During a vulnerability scan on my FTD 4120, I was provided with the below vulnerability to resolve. Can you tell me if 4120 has enabled the H2 protocol?

Vulnerability description:

Apache HTTPD: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has enabled the h2 protocol.
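
The description above applies only when the listener actually speaks HTTP/2, so one way to validate the scan finding is to check what the flagged port negotiates. The following is an added example, not part of the original thread and not Cisco tooling; the function names and the default ports 443 and 80 are assumptions.

```python
import base64, socket, ssl, struct, sys

def tls_alpn_selected(host, port=443, timeout=5.0):
    """Offer h2 and http/1.1 via ALPN; return what the listener selects (or None)."""
    ctx = ssl.create_default_context()
    # Assumption: the management certificate may be self-signed, so verification
    # is skipped. This probe only reads the negotiated protocol.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.selected_alpn_protocol()

def parse_status(data):
    """Return the status code from 'HTTP/1.1 <code> <reason>', else None."""
    parts = data.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def h2c_upgrade_status(host, port=80, timeout=5.0):
    """Ask a cleartext listener to upgrade to h2c; return the HTTP status code."""
    # HTTP2-Settings carries one SETTINGS entry: MAX_CONCURRENT_STREAMS (0x3) = 100.
    settings = base64.urlsafe_b64encode(struct.pack("!HI", 3, 100)).rstrip(b"=")
    request = (b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n"
               b"Connection: Upgrade, HTTP2-Settings\r\nUpgrade: h2c\r\n"
               b"HTTP2-Settings: " + settings + b"\r\n\r\n")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        data = b""
        while b"\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_status(data)

def h2_enabled(alpn_selected, h2c_status):
    """True when either probe shows HTTP/2 in use: ALPN 'h2' or a 101 upgrade."""
    return alpn_selected == "h2" or h2c_status == 101

if __name__ == "__main__":
    host = sys.argv[1]  # management address of the device you administer
    alpn = tls_alpn_selected(host)
    try:
        h2c = h2c_upgrade_status(host)
    except OSError:
        h2c = None  # no cleartext listener reachable on port 80
    print(f"ALPN selected: {alpn!r}, h2c upgrade status: {h2c}")
    print("h2 enabled" if h2_enabled(alpn, h2c) else "h2 not negotiated")
```

The output for each listener the scanner flagged can be attached to the support case or to the false-positive justification.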

Accepted Solution

Hi,
Are you planning to downgrade...??? I think it's recommended to upgrade to the latest version.
As per the bug CSCvj48872, it's fixed in the mentioned releases, but in your case, as per the vulnerability scan, it's still affected. My suggestion is to open a ticket with Cisco for further verification/analysis.

HTH
Abheesh

3 Replies

Abheesh Kumar
VIP Alumni

Hi,

Apache Remote Web Server is affected by multiple vulnerabilities on the FXOS Version 2.3(1.73)

CSCvj48872: it is fixed in versions 2.3(1.88) & 2.3(1.82)

Multiple Common Vulnerability and Exposures IDs: CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312


HTH

Abheesh

Thanks for the quick response Abheesh,

The FXOS version installed is 2.3(1.88) and I plan to upgrade to 2.3(1.56) soon.

The vulnerability has an Exposures ID of CVE-2018-11763 listed, which I didn't see listed below. If I am running FXOS 2.3(1.88) and the scan is still reporting the vulnerability, what should I do to resolve this, or should it be marked as a false positive?


Thanks for your help!

Chris

 
