CVE-2019-1696 — Uncontrolled Resource Consumption in Cisco Firepower Threat Defense Software

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.4HIGHNVD

CNA7.5

EPSS

0.7%

top 27.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Software Cisco Firepower Threat Defense Cisco Secure Firewall Management Center

Timeline

PublishedMay 3

Latest updateMay 24

Description

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified — 6.2.3.12

▶NVDcisco/firepower_threat_defense6.0.0 — 6.2.3.12

▶NVDcisco/secure_firewall_management_center6 versions+5

🔴Vulnerability Details

GHSA

GHSA-qvj5-5v4x-34r2: Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software co↗2022-05-24

▶

CVEList

Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities↗2019-05-03

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities↗2019-05-01

▶