Cisco Secure Firewall Threat Defense Geolocation VPN Policy Bypass Vulnerability

A vulnerability exists in the Geolocation-Based Remote Access VPN feature of Cisco Secure Firewall Threat Defense Software. It allows an unauthenticated, remote attacker to bypass policies that regulate HTTP connections based on geographic location. This issue arises because the URL string is not properly parsed, enabling attackers to send crafted HTTP connections that exploit this flaw. As a result, they can gain unauthorized access to networks that should have been protected by the geolocation policies.

Impact

Exploitation of this vulnerability could lead to unauthorized access to networks by bypassing geolocation-based VPN policies, allowing HTTP connections that should have been denied.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading Cisco Secure FTD devices can be found in the Cisco Secure FMC upgrade guide. For guidance on determining the best Cisco Secure Firewall release, consult the recommended releases documents.