Overview
- Description
- A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation upon receiving ICMP packets. An attacker could exploit this vulnerability by sending a high number of crafted ICMP or ICMPv6 packets to an affected device. A successful exploit could allow the attacker to cause a memory exhaustion condition that may result in an unexpected reload. No manual intervention is needed to recover the device after the reload.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D27DE97-510A-4761-8184-6940745B54E2",
"versionEndExcluding": "6.3.0.6",
"versionStartIncluding": "6.3.0"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53C69C8B-5A19-4613-8861-683CF21806B7",
"versionEndExcluding": "6.4.0.10",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ED0E59C-146C-494F-AD46-F6FB43F9C575",
"versionEndExcluding": "6.5.0.5",
"versionStartIncluding": "6.5.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24"
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]