CVE-2018-15390: Improper Locking in Cisco Firepower Threat Defense

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.4% (top 42.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 5; Latest update May 13

Description

A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associat

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 4.0

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA: GHSA-2wx9-x824-p464: A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause (2022-05-13)
CVEList: Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability (2018-10-05)

Vendor Advisories (1)

Cisco: Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability (2018-10-03)