CVE-2018-0455 — Cisco Firesight System Software vulnerability

CWE-194 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firesight System Software Cisco Firepower System Software

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. It is also possible that a manual reload of the device may be required to clear the condition. The vulnerability is due to incorrect SMB header validation. An attacker could exploit this vulnerabilit…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/firepower_system_software8 versions+7

▶CVEListV5cisco/cisco_firesight_system_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-8cr6-pqj8-xf85: A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software co↗2022-05-13

▶

CVEList

Cisco Firepower System Software Detection Engine Denial of Service Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Firepower System Software Detection Engine Denial of Service Vulnerability↗2018-10-03

▶