CiscoCISCO-SA-20151116-FIRECisco Firepower 9000 USB Kernel Denial of Service Vulnerability
4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
12.6%
A vulnerability in the USB driver of Cisco Firepower 9000 could allow an unauthenticated, local attacker with physical access to the device to send invalid USB commands to the kernel and cause a denial of service (DoS) condition.
The vulnerability is due to insufficient sanitization of USB input parameters. An attacker could exploit this vulnerability by using crafted USB user inputs to send invalid USB commands to the kernel.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire”]
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| firepower extensible operating system | eq | any | |
| cisco firepower extensible operating system | eq | any |
Related
4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
12.6%