Main Vulnerability Database Vulnerabilities #VU12385

#VU12385 Improper input validation in Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC) - CVE-2018-0283

Published: May 7, 2018 / Updated: May 7, 2018

Vulnerability identifier: #VU12385

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0283

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Secure Firewall Management Center (formerly Firepower Management Center, FMC)

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the detection engine due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup. A remote attacker can send specially crafted TLS traffic and cause the service to crash.

Remediation

Update to version 6.2.2.2.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp