CVE-2018-0383Protection Mechanism Failure in Cisco Secure Firewall Management Center

CWE-693Protection Mechanism Failure4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.4%
top 40.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Firewall Management Center
Timeline
PublishedJul 16
Latest updateMay 13

Description

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the transfer of files to an affected system via FTP. The vulnerability exists because the affected software incorrectly handles FTP control connections. An attacker could exploit this vulnerability by sending a maliciously crafted FTP connection to transfer a file to an affected device. A successful exploit could allow the

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

NVDcisco/secure_firewall_management_center6.2.2.1, 6.2.3, 6.3.0+2

🔴Vulnerability Details

2
GHSA
GHSA-wv8r-xv2m-hgrw: A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy tha2022-05-13
CVEList
CVE-2018-0383: A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a file policy tha2018-07-16

📋Vendor Advisories

1
Cisco
Cisco FireSIGHT System Software File Policy Bypass Vulnerability2018-07-11
CVE-2018-0383 — Protection Mechanism Failure in Cisco | cvebase