CVE-2018-0272Improper Handling of Exceptional Conditions in Cisco Firepower

CWE-399CWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.4%
top 38.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Firepower
Timeline
PublishedApr 19
Latest updateMay 13

Description

A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade the device performance by triggering a persistent high

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDcisco/firepower6.2.1, 6.2.2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-gg84-j6g5-hr53: A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a2022-05-13
CVEList
CVE-2018-0272: A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a2018-04-19

📋Vendor Advisories

1
Cisco
Cisco Firepower Threat Defense SSL Engine High CPU Denial of Service Vulnerability2018-04-18
CVE-2018-0272 — Cisco Firepower vulnerability | cvebase