Executive Summary

Title Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability
Name cisco-sa-20180418-fp2100 First vendor Publication 2018-04-18
Vendor Cisco Last vendor Modification 2018-04-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition.

The vulnerability is due to the affected software improperly validating IP Version 4 (IPv4) and IP Version 6 (IPv6) packets after the software reassembles the packets. An attacker could exploit this vulnerability by sending a series of malicious, fragmented IPv4 or IPv6 packets to an affected device. A successful exploit could allow the attacker to cause Snort processes on the affected device to hang at 100% CPU utilization, which could cause the device to stop processing traffic and result in a DoS condition until the device is reloaded manually.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100"]


iQJ5BAEBAgBjBQJa128CXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcz3HwP/1/kABr+k7O3mkVgOc9DSe87e5Ou lXfSgEO/d5t1udJhB+Ly0t6QzWkyxH71DqNnZsvZUx+yF62/teWm9sdShLWbkNe7 TOY2sVgUzACmNDCkuAQQA3Dk1468RAqBBaSxdN0/YCDwwCoucSAT62w6QZnJFYLG PufXb3ElLQpe+u0nacCS65pqh1mcsYnFwodeKll6bfl2iXslsrZqJw24iXtYQstr TdJRCp4pEBY13TBbORR2lw23cog194oeBjJ0Za2yBb3MSnmMqHC/l6uJhCv3AlYF sVxmYe2oTcsAvrwwYKm1oFdAW5ay7TenZOjKK6GA4zCT7a89pkHkHDv8YgclgA9r 6BDilwKBC9WmAk3GuRCH4n7as1v55CxddAa0N3lA2rJE5LAfuHFddrCOHNLVK12a v9DxfpPNXQU6xt0TkG3RsmS1PZIKuHf2OSk1qHq/vVwO3W89xiDbeXvGs5INkPfp +Ed+M0y4k3leX0erDZmywJUlZymQXLPCKgx+9FxQx/pSYY2/hm/M0Uaql9y3cQ37 1wrKx3uzHKapBOKjeR4fH4QZX4TD+lWuLi3SLLb6Ci24GBHj0TKHrdgcqHj14SiI U/8DCsnX22xV3yEOWw0HfEgUt8REcaOtsM2mW6ilnj1ZqSMaistIm+TKTNP61ACP 4rRn0NSH6yXQSKIQ =QcRd END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CPE : Common Platform Enumeration

Application 1
Application 2

Alert History

If you want to see full details history, please login or register.
Date Informations
2018-05-23 17:21:05
  • Multiple Updates
2018-04-20 00:21:17
  • Multiple Updates
2018-04-18 21:18:34
  • First insertion