Executive Summary
| Summary | |
|---|---|
| Title | Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20180418-fp2100 | First vendor Publication | 2018-04-18 |
| Vendor | Cisco | Last vendor Modification | 2018-04-18 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly validating IP Version 4 (IPv4) and IP Version 6 (IPv6) packets after the software reassembles the packets. An attacker could exploit this vulnerability by sending a series of malicious, fragmented IPv4 or IPv6 packets to an affected device. A successful exploit could allow the attacker to cause Snort processes on the affected device to hang at 100% CPU utilization, which could cause the device to stop processing traffic and result in a DoS condition until the device is reloaded manually. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJa128CXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcz3HwP/1/kABr+k7O3mkVgOc9DSe87e5Ou lXfSgEO/d5t1udJhB+Ly0t6QzWkyxH71DqNnZsvZUx+yF62/teWm9sdShLWbkNe7 TOY2sVgUzACmNDCkuAQQA3Dk1468RAqBBaSxdN0/YCDwwCoucSAT62w6QZnJFYLG PufXb3ElLQpe+u0nacCS65pqh1mcsYnFwodeKll6bfl2iXslsrZqJw24iXtYQstr TdJRCp4pEBY13TBbORR2lw23cog194oeBjJ0Za2yBb3MSnmMqHC/l6uJhCv3AlYF sVxmYe2oTcsAvrwwYKm1oFdAW5ay7TenZOjKK6GA4zCT7a89pkHkHDv8YgclgA9r 6BDilwKBC9WmAk3GuRCH4n7as1v55CxddAa0N3lA2rJE5LAfuHFddrCOHNLVK12a v9DxfpPNXQU6xt0TkG3RsmS1PZIKuHf2OSk1qHq/vVwO3W89xiDbeXvGs5INkPfp +Ed+M0y4k3leX0erDZmywJUlZymQXLPCKgx+9FxQx/pSYY2/hm/M0Uaql9y3cQ37 1wrKx3uzHKapBOKjeR4fH4QZX4TD+lWuLi3SLLb6Ci24GBHj0TKHrdgcqHj14SiI U/8DCsnX22xV3yEOWw0HfEgUt8REcaOtsM2mW6ilnj1ZqSMaistIm+TKTNP61ACP 4rRn0NSH6yXQSKIQ =QcRd END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Os | 1 |
Alert History
| Date | Informations |
|---|---|
| 2018-05-23 17:21:05 |
|
| 2018-04-20 00:21:17 |
|
| 2018-04-18 21:18:34 |
|
