VYPR
Medium severity 4.3 · NVD Advisory · Published Dec 14, 2016 · Updated May 6, 2026

CVE-2016-9209

Description

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked.

Affected Products: The following Cisco products are vulnerable:
  • Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
  • Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances
  • Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances
  • FirePOWER 7000 Series Appliances
  • FirePOWER 8000 Series Appliances
  • FirePOWER Threat Defense for Integrated Services Routers (ISRs)
  • Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series
  • Sourcefire 3D System Appliances
  • Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware

More Information: CSCvb20102.

Known Affected Releases: 2.9.7.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco FirePOWER system software mishandles out-of-order TCP segments, enabling malware to bypass GZIP decompression and SHA-256 hash checks.

Vulnerability

A vulnerability in the TCP processing of Cisco FirePOWER system software (versions including 2.9.7.10) allows an unauthenticated, remote attacker to bypass malware protection. The issue occurs when out-of-order TCP segments (retransmissions outside the current window that have already been acknowledged) are not properly processed before being passed to HTTP inspection. For GZIP-compressed streams, this causes decompression to fail, which leads to an incorrect SHA-256 hash calculation, so malware may go undetected [1].
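The failure mode described above can be reproduced in a small offline model. This is an added example, not Cisco's code and not taken from the advisory: the toy reassembler, the `fail_closed` policy switch, and all sample data are assumptions made for illustration. It shows why an inspection engine that hashes whatever it managed to decompress reports a different SHA-256 than the endpoint would, and why a stream that does not decompress cleanly should not be treated as clean.

```python
import gzip, hashlib, zlib

def reassemble(segments, drop_acked):
    """Rebuild a byte stream from (seq, payload) pairs in arrival order.
    drop_acked=True discards bytes below the next expected sequence number,
    as the receiving endpoint does; False passes stale data through unchanged.
    Toy model (assumption): no gaps or window handling."""
    stream, next_seq = b"", 0
    for seq, payload in segments:
        end = seq + len(payload)
        if drop_acked and seq < next_seq:
            payload = payload[next_seq - seq:]   # keep only unseen bytes
        stream += payload
        next_seq = max(next_seq, end)
    return stream

def verdict(stream, blocklist, fail_closed):
    """Hash the gunzipped body and look it up in a SHA-256 blocklist."""
    d = zlib.decompressobj(wbits=31)             # 31 selects the gzip container
    try:
        body = d.decompress(stream)
        clean = d.eof and not d.unused_data
    except zlib.error:
        body, clean = b"", False                 # nothing trustworthy to hash
    if fail_closed and not clean:
        return "block"                           # undecodable stream is not "clean"
    return "block" if hashlib.sha256(body).hexdigest() in blocklist else "allow"

# Constructed sample data: a stand-in for a file whose hash is blocklisted.
FILE = b"constructed stand-in for a blocked file\n" * 20
BLOCKLIST = {hashlib.sha256(FILE).hexdigest()}
GZ = gzip.compress(FILE, mtime=0)
n = len(GZ) // 3
SEGMENTS = [(0, GZ[:n]), (n, GZ[n:2*n]),
            (0, GZ[:n]),                         # stale, already-acknowledged retransmission
            (2*n, GZ[2*n:])]

ENDPOINT_VIEW = reassemble(SEGMENTS, drop_acked=True)    # what the client decodes
INSPECTOR_VIEW = reassemble(SEGMENTS, drop_acked=False)  # mishandled stale segment

if __name__ == "__main__":
    print("endpoint view :", verdict(ENDPOINT_VIEW, BLOCKLIST, fail_closed=False))
    print("inspector view:", verdict(INSPECTOR_VIEW, BLOCKLIST, fail_closed=False))
    print("fail-closed   :", verdict(INSPECTOR_VIEW, BLOCKLIST, fail_closed=True))
```

The gap between the first two verdicts is the detection miss; the third shows the same mishandled stream being rejected once a decompression failure is treated as a verdict in its own right.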

Exploitation

An attacker can exploit this vulnerability by tricking a user into downloading a file containing malware via HTTP from a specially prepared server. The attacker sends out-of-order TCP segments to trigger the GZIP decompression failure, then delivers the malicious file. No authentication or prior access is required; the attack relies on user interaction (clicking a link or visiting a malicious site) [1].

Impact

Successful exploitation allows the attacker to bypass the malware protection provided by the FirePOWER system software. The attacker gains the ability to deliver malware that would normally be blocked, potentially leading to further compromise of the target system. The impact is limited to bypassing detection; no direct code execution or privilege escalation is achieved [1].

Mitigation

No workarounds are available for this vulnerability. The Cisco advisory does not specify a fixed release; users should consult the advisory for the latest information on patches or updates [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:5.4.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:firepower_services_for_adaptive_security_appliance:6.1.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

References

2
