CVE-2019-1704 — Uncontrolled Resource Consumption in Cisco Firepower Threat Defense Software

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Software Cisco Firepower Threat Defense

Timeline

PublishedMay 3

Latest updateMay 24

Description

Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_softwareunspecified — 6.2.3.12

▶NVDcisco/firepower_threat_defense6.0.0 — 6.2.3.12

🔴Vulnerability Details

GHSA

GHSA-h552-pj49-gv49: Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software co↗2022-05-24

▶

CVEList

Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities↗2019-05-03

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software SMB Protocol Preprocessor Detection Engine Denial of Service Vulnerabilities↗2019-05-01

▶