CVE-2019-12700

EPSS 1.42%
Published 02.10.2019 19:15:13
Last modified 26.11.2024 16:09:02
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Firepower 9300 Firmware Versionr114

Cisco ≫ Firepower 9300 Version-

Cisco ≫ Firepower 9300 Firmware Versionr241

Cisco ≫ Firepower 9300 Version-

Cisco ≫ Firepower Extensible Operating System Version <= 2.2

Cisco ≫ Firepower Extensible Operating System Version >= 2.3 < 2.3.1.155

Cisco ≫ Firepower Extensible Operating System Version >= 2.4 < 2.6.1.131

Cisco ≫ Firepower Threat Defense Version <= 6.1.0

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Firepower Threat Defense Version >= 6.2.0 < 6.2.3.14

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Secure Firewall Management Center Version <= 6.1.0

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Secure Firewall Management Center Version >= 6.2.0 < 6.2.3.14

Cisco ≫ Firepower 1000 Version-
Cisco ≫ Firepower 2100 Version-

Cisco ≫ Firepower Threat Defense Version <= 6.1.0

Cisco ≫ Firepower Threat Defense Version >= 6.2.0 < 6.2.2.5

Cisco ≫ Firepower Threat Defense Version >= 6.2.3 < 6.2.3.7

Cisco ≫ Secure Firewall Management Center Version <= 6.1.0

Cisco ≫ Secure Firewall Management Center Version >= 6.2.0 < 6.2.3.14

Cisco ≫ Secure Firewall Management Center Version >= 6.2.3 < 6.2.3.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.42%	0.788

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C
psirt@cisco.com	7.7	3.1	4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12700

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12700

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12700

EUVD