CVE-2018-15443Uncontrolled Resource Consumption in Cisco Firepower Management Center

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGHNVD
CNA5.8
EPSS
0.6%
top 30.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Firepower Management Center
Timeline
PublishedNov 8
Latest updateMay 13

Description

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-r3fv-hxw4-7fj4: A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intr2022-05-13
CVEList
Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability2018-11-08

📋Vendor Advisories

1
Cisco
Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability2018-11-07
CVE-2018-15443 — Uncontrolled Resource Consumption | cvebase