Detections
Analytics
Cisco Firepower Threat Defense Software 6.x < 6.2.3.12 / 6.3.x < 6.3.0.3 Multiple Vulnerabilities
high Nessus Plugin ID 125256
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by following vulnerabilities:- A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device.
(CVE-2018-15462)
- A vulnerability in the TCP proxy functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition. (CVE-2019-1687)
- A vulnerability in the TCP processing engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker who is using a TCP protocol that is configured for inspection could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. (CVE-2019-1694)
Please see the included Cisco BIDs and Cisco Security Advisory for more information
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvf95761, CSCvg76064, CSCvk35736, CSCvk44166, CSCvn51149, CSCvn78174See Also
http://www.nessus.org/u?ae940f05
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf95761
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg76064
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk35736
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk44166
Plugin Details
Severity: High
ID: 125256
File Name: cisco-sa-20190501-firepower-dos.nasl
Version: 1.3
Type: local
Family: CISCO
Published: 5/17/2019
Updated: 4/27/2020
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2018-15462
CVSS v3
Risk Factor: High
Base Score: 8.6
Temporal Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:firepower_threat_defense
Required KB Items: Settings/ParanoidReport, Host/Cisco/ASA, Host/Cisco/show_ver
Exploit Ease: No known exploits are available
Patch Publication Date: 5/1/2019
Vulnerability Publication Date: 5/1/2019