CVE-2018-0228 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation CWE-667 — Improper Locking4 documents4 sources

Severity

8.6HIGHNVD

EPSS

4.2%

top 11.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense

Timeline

PublishedApr 19

Latest updateMay 13

Description

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal software lock that could prevent other system processes from getting CPU cycles, causing a high CPU condition. An attacker could exploit this vulnerability by send…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶NVDcisco/adaptive_security_appliance_software9.1 — 9.1.7.20+7

▶NVDcisco/firepower_threat_defense6.0 — 6.1.0.6+2

🔴Vulnerability Details

GHSA

GHSA-mg38-475c-j5r2: A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker↗2022-05-13

▶

CVEList

CVE-2018-0228: A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker↗2018-04-19

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability↗2018-04-18

▶