Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-15390
HistoryOct 05, 2018 - 2:29 p.m.

CVE-2018-15390

2018-10-0514:29:07
CWE-399
CWE-667
[email protected]
web.nvd.nist.gov
19
cve-2018-15390
cisco
firepower
threat defense
ftd
software
vulnerability
ftp inspection
denial of service
dos

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON

A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition.

Affected configurations

NVD
Node
ciscofirepower_threat_defenseRange6.2.3.06.2.3.4

CNA Affected

[
  {
    "product": "Cisco Firepower Threat Defense Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
cisco 1
nessus 1
cvelist
cvelist
CVE-2018-15390 Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
2018-10-03 00:00:00
prion
prion
Race condition
2018-10-05 14:29:00
nvd
nvd
CVE-2018-15390
2018-10-05 14:29:07
cisco
cisco
Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
2018-10-03 16:00:00
nessus
nessus
Cisco Firepower Threat Defense Software Multiple DoS Vulnerabilities (cisco-sa-20181003-ftd-inspect-dos, cisco-sa-20181003-asa-dma-dos)
2018-10-04 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON
Related for CVE-2018-15390
cvelist1prion1nvd1cisco1nessus1