Cisco Firepower Management Center up to 7.3.1.1 Logging API denial of service

Summaryinfo

A vulnerability, which was classified as problematic, has been found in Cisco Firepower Management Center. This impacts an unknown function of the component Logging API. This manipulation causes denial of service. This vulnerability is handled as CVE-2023-20155. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Cisco Firepower Management Center (Firewall Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Logging API. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.

The weakness was released 11/01/2023 as cisco-sa-fmc-logview-dos-AYJdeX55. It is possible to read the advisory at sec.cloudapps.cisco.com. This vulnerability is known as CVE-2023-20155 since 10/27/2022. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

Upgrading eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Firewall Software

Vendor

• Cisco

Name

• Firepower Management Center

Version

• 6.2.3
• 6.2.3.1
• 6.2.3.2
• 6.2.3.3
• 6.2.3.4
• 6.2.3.5
• 6.2.3.6
• 6.2.3.7
• 6.2.3.8
• 6.2.3.9
• 6.2.3.10
• 6.2.3.11
• 6.2.3.12
• 6.2.3.13
• 6.2.3.14
• 6.2.3.15
• 6.2.3.16
• 6.2.3.17
• 6.2.3.18
• 6.4.0
• 6.4.0.1
• 6.4.0.2
• 6.4.0.3
• 6.4.0.4
• 6.4.0.5
• 6.4.0.6
• 6.4.0.7
• 6.4.0.8
• 6.4.0.9
• 6.4.0.10
• 6.4.0.11
• 6.4.0.12
• 6.4.0.13
• 6.4.0.14
• 6.4.0.15
• 6.4.0.16
• 6.6.0
• 6.6.0.1
• 6.6.1
• 6.6.3
• 6.6.4
• 6.6.5
• 6.6.5.1
• 6.6.5.2
• 6.6.7
• 6.6.7.1
• 6.7.0
• 6.7.0.1
• 6.7.0.2
• 6.7.0.3
• 7.0.0
• 7.0.0.1
• 7.0.1
• 7.0.1.1
• 7.0.2
• 7.0.2.1
• 7.0.3
• 7.0.4
• 7.0.5
• 7.1.0
• 7.1.0.1
• 7.1.0.2
• 7.1.0.3
• 7.2.0
• 7.2.0.1
• 7.2.1
• 7.2.2
• 7.2.3
• 7.2.3.1
• 7.3.0
• 7.3.1
• 7.3.1.1

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion