CVE-2023-20155Allocation of Resources Without Limits or Throttling in Cisco Secure Firewall Management Center

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.5
EPSS
0.4%
top 40.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Secure Firewall Management CenterCisco Firepower Management Center
Timeline
PublishedNov 1

Description

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is rela

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_firepower_management_center72 versions+71
NVDcisco/secure_firewall_management_center6.2.36.2.3.18+6

🔴Vulnerability Details

2
GHSA
GHSA-mf9w-w633-hm7w: A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the devi2023-11-01
CVEList
CVE-2023-20155: A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the devi2023-11-01

📋Vendor Advisories

1
Cisco
Cisco Firepower Management Center Software Log API Denial of Service Vulnerability2023-11-01
CVE-2023-20155 — Cisco vulnerability | cvebase