Main Vulnerability Database Vulnerabilities #VU12385

Improper input validation in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2018-0283

Published: May 7, 2018 / Updated: May 7, 2018

Vulnerability identifier: #VU12385

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0283

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the detection engine due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup. A remote attacker can send specially crafted TLS traffic and cause the service to crash.

How to mitigate CVE-2018-0283

Update to version 6.2.2.2.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp

Improper input validation in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2018-0283

Detailed vulnerability description

How to mitigate CVE-2018-0283

Sources

Please verify you're human