Denial of service in Cisco Firepower Management Center

Published: 2019-01-10

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2018-15458
CWE-ID	CWE-400
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) Client/Desktop applications / Antivirus software/Personal firewalls
Vendor	Cisco Systems, Inc

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU16930

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-15458

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. A remote attacker can send a steady stream of remote authentication requests to the appliance when the specific configuration is applied, increase the size of a system log file so that it consumes most of the disk space and cause a DoS condition in which the device functions could operate abnormally, making the device unstable.

Mitigation

The vulnerability has been fixed in the version 6.2.3.7.

Vulnerable software versions

Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC): 6.2.2 - 6.3.0

CPE2.3

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-fpwr-mc-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.