#VU16930 Resource exhaustion in Cisco Firepower Management Center
Vulnerability identifier: #VU16930
Vulnerability risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-400
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Firepower Management Center
Client/Desktop applications /
Antivirus software/Personal firewalls
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. A remote attacker can send a steady stream of remote authentication requests to the appliance when the specific configuration is applied, increase the size of a system log file so that it consumes most of the disk space and cause a DoS condition in which the device functions could operate abnormally, making the device unstable.
Mitigation
The vulnerability has been fixed in the version 6.2.3.7.
Vulnerable software versions
Cisco Firepower Management Center: 6.2.2 - 6.3.0
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-fpwr-mc-dos
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
