CVE-2018-15383

EPSS 0.94%
Veröffentlicht 05.10.2018 14:29:07
Zuletzt bearbeitet 21.11.2024 03:50:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version6.0

Cisco ≫ Firepower Threat Defense Version6.0.1

Cisco ≫ Firepower Threat Defense Version6.1.0

Cisco ≫ Firepower Threat Defense Version6.2.0

Cisco ≫ Firepower Threat Defense Version6.2.2

Cisco ≫ Firepower Threat Defense Version6.2.3

Cisco ≫ Adaptive Security Appliance Software Version9.3

Cisco ≫ Adaptive Security Appliance Software Version9.4

Cisco ≫ Adaptive Security Appliance Software Version9.5

Cisco ≫ Adaptive Security Appliance Software Version9.6

Cisco ≫ Adaptive Security Appliance Software Version9.6(43)

Cisco ≫ Adaptive Security Appliance Software Version9.7

Cisco ≫ Adaptive Security Appliance Software Version9.8

Cisco ≫ Adaptive Security Appliance Software Version9.9

Cisco ≫ Adaptive Security Appliance Software Version9.9(28)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.94%	0.753

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

http://www.securitytracker.com/id/1041787

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-15383

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15383

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15383

EUVD