Cisco Threat Defense up to 6.0.1 Firepower Detection Engine resource management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Cisco Threat Defense up to 6.0.1. It has been declared as problematic. This vulnerability affects unknown code of the component Firepower Detection Engine. The manipulation results in resource management. This vulnerability is cataloged as CVE-2017-12245. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Cisco Threat Defense up to 6.0.1. It has been classified as problematic. Affected is some unknown processing of the component Firepower Detection Engine. The manipulation with an unknown input leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. CVE summarizes:
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069.
The bug was discovered 10/04/2017. The weakness was shared 10/05/2017 as cisco-sa-20171004-ftd as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is traded as CVE-2017-12245 since 08/03/2017. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 103819 (Cisco Firepower Detection Engine Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l.
Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (103819) and SecurityFocus (BID 101118†). The entry VDB-107483 is related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.7VulDB Meta Temp Score: 7.6
VulDB Base Score: 5.8
VulDB Temp Score: 5.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.6
NVD Vector: 🔍
CNA Base Score: 8.6
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 103819
Nessus Name: Cisco Firepower Detection Engine Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
08/03/2017 🔍10/04/2017 🔍
10/04/2017 🔍
10/04/2017 🔍
10/05/2017 🔍
10/05/2017 🔍
10/05/2017 🔍
10/12/2017 🔍
11/26/2024 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20171004-ftd
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-12245 (🔍)
GCVE (CVE): GCVE-0-2017-12245
GCVE (VulDB): GCVE-100-107484
SecurityFocus: 101118 - Cisco Firepower Threat Defense Software CVE-2017-12245 Denial of Service Vulnerability
See also: 🔍
Entry
Created: 10/05/2017 15:17Updated: 11/26/2024 19:44
Changes: 10/05/2017 15:17 (67), 11/22/2019 09:21 (6), 11/26/2024 19:44 (27)
Complete: 🔍
Cache ID: 216:46C:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.