Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-0385 CVE-2018-0370 |
CWE-ID | CWE-20 CWE-400 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco Firepower Management Center (Client/Desktop applications / Antivirus software/Personal firewalls) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU13856
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0385
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the detection engine's parsing of Secure Sockets Layer (SSL) protocol packets due to improper input handling of SSL traffic. A remote attacker can send specially crafted SSL traffic to the detection engine and cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped.
Mitigation
Update to version 6.2.2.4.
Vulnerable software versions
Cisco Firepower Management Center: 5.4.0 - 6.3.0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13857
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0370
CWE-ID: CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the detection engine due to improper handling of traffic when the Secure Sockets Layer (SSL) inspection policy is enabled. A remote attacker can send malicious traffic through an affected device to increase the resource consumption of a single instance of the Snort detection engine, causing performance degradation and eventually a restart of the affected Snort process.
Mitigation
Update to version 6.2.2.3 or 6.2.3.
Vulnerable software versions
Cisco Firepower Management Center: 6.1.0.7 - 6.2.2.2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.