CVE-2018-0240 — Cisco Adaptive Security Appliance Software vulnerability

CWE-3994 documents4 sources

Severity

8.6HIGHNVD

EPSS

1.6%

top 18.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense

Timeline

PublishedApr 19

Latest updateMay 13

Description

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an af…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶NVDcisco/adaptive_security_appliance_software9.6.0.0 — 9.6.4.6+3

▶NVDcisco/firepower_threat_defense6.2.0 — 6.2.0.5+2

🔴Vulnerability Details

GHSA

GHSA-c4wx-x65q-h4fx: Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower↗2022-05-13

▶

CVEList

CVE-2018-0240: Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower↗2018-04-19

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities↗2018-04-18

▶