SB2019022212 - Denial of service in Cisco Firepower 9000 Series




Published: February 22, 2019

Security Bulletin ID: SB2019022212
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Adjacent network
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2019-1700)

The vulnerability allows an adjacent attacker to perform a denial of service (DoS) attack.

The vulnerability exists in field-programmable gate array (FPGA) ingress buffer management due to a logic error in the FPGA related to the processing of different types of input packets. An adjacent attacker can send a specially crafted sequence of input packets to a specific interface on an affected device and cause a queue wedge condition on that interface. The affected device then stops processing any additional packets that are received on the wedged interface.


Remediation

Install the update from the vendor's website.