CVE-2018-15458Allocation of Resources Without Limits or Throttling in Cisco Firepower Management Center

CWE-399CWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
4.6%
top 10.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Firepower Management CenterCisco Secure Firewall Management Center
Timeline
PublishedJan 10
Latest updateMay 13

Description

A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulne

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/secure_firewall_management_center6.2.2, 6.2.3, 6.3.0+2

🔴Vulnerability Details

2
GHSA
GHSA-jm4h-6jwp-8h23: A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, co2022-05-13
CVEList
Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability2019-01-10

📋Vendor Advisories

1
Cisco
Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability2019-01-09
CVE-2018-15458 — Cisco vulnerability | cvebase