CVE-2021-1489 — Uncontrolled Resource Consumption in Cisco Firepower Device Manager

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 50.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Device Manager Cisco Firepower Threat Defense Software

Timeline

PublishedApr 29

Latest updateMay 24

Description

A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow th…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/firepower_device_manager6.4.0 — 6.4.0.12+2

▶CVEListV5cisco/cisco_firepower_threat_defense_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-8r35-6q65-m8qm: A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exha↗2022-05-24

▶

CVEList

Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability↗2021-04-29

▶

📋Vendor Advisories

Cisco

Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability↗2021-04-28

▶