Denial of Service Vulnerability in Cisco Firepower System Software
CVE-2018-0283

5.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Firepower System Software
Vendor: CVE Published:; 2 May 2018

Summary

A flaw in the detection engine of Cisco Firepower System Software could enable an unauthenticated remote attacker to restart the Snort detection engine on a vulnerable device. This vulnerability arises from improper management of the Transport Layer Security (TLS) TCP connection setup. By sending specifically crafted TLS traffic to the affected device, an attacker could exploit this issue, leading to a transient denial of service condition as the detection engine restarts.

Affected Version(s)

Cisco Firepower System Software Cisco Firepower System Software

References

http://www.securityfocus.com/bid/104121

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 2, 2018
Vulnerability Reserved
Nov 27, 2017