CVE-2019-12700

EPSS 1.42%
Veröffentlicht 02.10.2019 19:15:13
Zuletzt bearbeitet 26.11.2024 16:09:02
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower 9300 Firmware Versionr114

Cisco ≫ Firepower 9300 Version-

Cisco ≫ Firepower 9300 Firmware Versionr241

Cisco ≫ Firepower 9300 Version-

Cisco ≫ Firepower Extensible Operating System Version <= 2.2

Cisco ≫ Firepower Extensible Operating System Version >= 2.3 < 2.3.1.155

Cisco ≫ Firepower Extensible Operating System Version >= 2.4 < 2.6.1.131

Cisco ≫ Firepower Threat Defense Version <= 6.1.0

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Firepower Threat Defense Version >= 6.2.0 < 6.2.3.14

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Secure Firewall Management Center Version <= 6.1.0

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Secure Firewall Management Center Version >= 6.2.0 < 6.2.3.14

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Firepower Threat Defense Version <= 6.1.0

Cisco ≫ Firepower Threat Defense Version >= 6.2.0 < 6.2.2.5

Cisco ≫ Firepower Threat Defense Version >= 6.2.3 < 6.2.3.7

Cisco ≫ Secure Firewall Management Center Version <= 6.1.0

Cisco ≫ Secure Firewall Management Center Version >= 6.2.0 < 6.2.3.14

Cisco ≫ Secure Firewall Management Center Version >= 6.2.3 < 6.2.3.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.42%	0.788

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C
psirt@cisco.com	7.7	3.1	4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12700

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12700

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12700

EUVD