CVE-2019-12700 — Uncontrolled Resource Consumption in Cisco Firepower Management Center

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

1.4%

top 19.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Management Center Cisco Firepower Extensible Operating System Cisco Firepower Threat Defense +2 more

Timeline

PublishedOct 2

Latest updateMay 24

Description

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing m…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5cisco/cisco_firepower_management_centerunspecified — n/a

▶NVDcisco/secure_firewall_management_center6.2.0 — 6.2.3.14+2

▶NVDcisco/firepower_extensible_operating_system2.3 — 2.3.1.155+2

▶NVDcisco/firepower_threat_defense6.2.0 — 6.2.3.14+3

▶NVDcisco/firepower_9300_firmwarer114, r241+1

🔴Vulnerability Details

GHSA

GHSA-5gfq-ghv5-4j5q: A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepow↗2022-05-24

▶

CVEList

Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability↗2019-10-02

▶

📋Vendor Advisories

Cisco

Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability↗2019-10-02

▶