Cisco Firepower Threat Defense Software Inline Pair/Passive Mode DoS (cisco-sa-ftd-inline-dos-nXqUyEqM)

high Nessus Plugin ID 152410

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability in the ingress packet processing path for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation when Ethernet frames are processed. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker do either of the following: Fill the /ngfw partition on the device: A full /ngfw partition could result in administrators being unable to log in to the device (including logging in through the console port) or the device being unable to boot up correctly.
Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cause a process crash: The process crash would cause the device to reload. No manual intervention is necessary to recover the device after the reload.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvt02409

See Also

http://www.nessus.org/u?aac93a08

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt02409

Plugin Details

Severity: High

ID: 152410

File Name: cisco-sa-ftd-inline-dos-nXqUyEqM.nasl

Version: 1.4

Type: local

Family: CISCO

Published: 8/10/2021

Updated: 3/31/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2020-3577

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:firepower_threat_defense, cpe:/a:cisco:firepower_threat_defense

Required KB Items: installed_sw/Cisco Firepower Threat Defense

Exploit Ease: No known exploits are available

Patch Publication Date: 10/21/2020

Vulnerability Publication Date: 10/21/2020

Reference Information

CVE: CVE-2020-3577

CWE: 20

CISCO-SA: cisco-sa-ftd-inline-dos-nXqUyEqM

IAVA: 2020-A-0488-S

CISCO-BUG-ID: CSCvt02409