Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-1700 |
CWE-ID | CWE-20 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
Firepower 9000 Series Hardware solutions / Firmware |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU17846
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1700
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to perform a denial of service (DoS) attack.
The vulnerability exists in field-programmable gate array (FPGA) ingress buffer management due to a logic error in the FPGA related to the processing of different types of input packet. An adjacent attacker can send a specially crafted sequence of input packets to a specific interface on an affected device, cause a queue wedge condition on the interface and cause the affected device to stop processing any additional packets that are received on the wedged interface.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFirepower 9000 Series: 2.2.200.8
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.