Details of VAR-201804-0994

ID

VAR-201804-0994

CVE

CVE-2018-0240

TITLE

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004425

DESCRIPTION

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456. Vendors have confirmed this vulnerability Bug ID CSCve61540 , CSCvh23085 ,and CSCvh95456 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. AdaptiveSecurityAppliance (ASA)Software is one of the operating systems. ClientlessSecureSocketsLayer(SSL)VPN is one of the SSL (Secure Sockets Layer) VPN applications

Trust: 2.52

sources: NVD: CVE-2018-0240 // JVNDB: JVNDB-2018-004425 // CNVD: CNVD-2018-16188 // BID: 103934 // VULHUB: VHN-118442

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-16188

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security virtual appliance	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.8.0.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.6.4.6	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.7.1.24	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9.0.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7.0.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.2.24	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.6.0.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.2.2	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lte	version:	6.1.0.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.1.4	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.2.0.5	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.1.0	Trust: 1.0
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.1	Trust: 0.9
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2	Trust: 0.9
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.2.2	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	firepower threat defense virtual	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	series industrial security appliance	scope:	eq	version:	3000	Trust: 0.6
vendor:	cisco	model:	asa series adaptive security appliances	scope:	eq	version:	5500	Trust: 0.6
vendor:	cisco	model:	asa series next-generation firewalls	scope:	eq	version:	5500-x	Trust: 0.6
vendor:	cisco	model:	asa services module for cisco catalyst series switches and cisco series routers	scope:	eq	version:	65007600	Trust: 0.6
vendor:	cisco	model:	firepower series security appliance	scope:	eq	version:	2100	Trust: 0.6
vendor:	cisco	model:	firepower series security appliances	scope:	eq	version:	4100	Trust: 0.6
vendor:	cisco	model:	firepower asa security module	scope:	eq	version:	9300	Trust: 0.6
vendor:	cisco	model:	ftd virtual	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.6<=9.9	Trust: 0.6
vendor:	cisco	model:	firepower threat defense software	scope:	eq	version:	6.1	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2.1	Trust: 0.6
vendor:	cisco	model:	firepower threat defense virtual	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2.2	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1.10	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1.5	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1.3	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2.7	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.2.3	Trust: 0.6
vendor:	cisco	model:	firepower threat defense virtual	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	firepower asa security module	scope:	eq	version:	93000	Trust: 0.3
vendor:	cisco	model:	firepower series security appliances	scope:	eq	version:	41000	Trust: 0.3
vendor:	cisco	model:	firepower series security appliance	scope:	eq	version:	21000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco catalyst series switches	scope:	eq	version:	65000	Trust: 0.3
vendor:	cisco	model:	asa services module for cisco series routers	scope:	eq	version:	76000	Trust: 0.3
vendor:	cisco	model:	asa series next-generation firewalls	scope:	eq	version:	5500-x0	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x99.2(0.32)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x99.1(20.190)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.9(1.77)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.8(2.21)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.8(2.12)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.7(1.17)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.7(1)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x9.6(4)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x101.4(1.24)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x101.3(1.51)	Trust: 0.3
vendor:	cisco	model:	asa series firewalls	scope:	eq	version:	5500-x101.3(1.23)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliances	scope:	eq	version:	55000	Trust: 0.3
vendor:	cisco	model:	adaptive security virtual appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.9	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6	Trust: 0.3
vendor:	cisco	model:	series industrial security appliance	scope:	eq	version:	30000	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	ne	version:	6.2.2.2	Trust: 0.3
vendor:	cisco	model:	firepower threat defense software	scope:	ne	version:	6.2.0.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.9.1.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.8.2.24	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.7.1.24	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.6.4.6	Trust: 0.3

sources: CNVD: CNVD-2018-16188 // BID: 103934 // JVNDB: JVNDB-2018-004425 // CNNVD: CNNVD-201804-1102 // NVD: CVE-2018-0240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0240
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0240
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-16188
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201804-1102
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118442
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0240
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-16188
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118442
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0240
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0240
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-16188 // VULHUB: VHN-118442 // JVNDB: JVNDB-2018-004425 // CNNVD: CNNVD-201804-1102 // NVD: CVE-2018-0240

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.1
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-693	Trust: 0.8

sources: VULHUB: VHN-118442 // JVNDB: JVNDB-2018-004425 // NVD: CVE-2018-0240

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1102

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1102

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004425

PATCH

title:	cisco-sa-20180418-asa_inspect	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect	Trust: 0.8
title:	Patch for Multiple Cisco Product Denial of Service Vulnerabilities (CNVD-2018-16188)	url:	https://www.cnvd.org.cn/patchInfo/show/138327	Trust: 0.6
title:	Multiple Cisco product Adaptive Security Appliance and Firepower Threat Defense Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81397	Trust: 0.6

sources: CNVD: CNVD-2018-16188 // JVNDB: JVNDB-2018-004425 // CNNVD: CNNVD-201804-1102

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0240	Trust: 3.4
db:	BID	id:	103934	Trust: 2.6
db:	ICS CERT	id:	ICSA-18-184-01	Trust: 2.5
db:	SECTRACK	id:	1040722	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004425	Trust: 0.8
db:	CNVD	id:	CNVD-2018-16188	Trust: 0.6
db:	CNNVD	id:	CNNVD-201804-1102	Trust: 0.6
db:	VULHUB	id:	VHN-118442	Trust: 0.1

sources: CNVD: CNVD-2018-16188 // VULHUB: VHN-118442 // BID: 103934 // JVNDB: JVNDB-2018-004425 // CNNVD: CNNVD-201804-1102 // NVD: CVE-2018-0240

REFERENCES

url:	http://www.securityfocus.com/bid/103934	Trust: 2.9
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-asa_inspect	Trust: 2.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-184-01	Trust: 1.7
url:	http://www.securitytracker.com/id/1040722	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0240	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0240	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-18-184-01	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-16188 // VULHUB: VHN-118442 // BID: 103934 // JVNDB: JVNDB-2018-004425 // CNNVD: CNNVD-201804-1102 // NVD: CVE-2018-0240

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 103934

SOURCES

db:	CNVD	id:	CNVD-2018-16188
db:	VULHUB	id:	VHN-118442
db:	BID	id:	103934
db:	JVNDB	id:	JVNDB-2018-004425
db:	CNNVD	id:	CNNVD-201804-1102
db:	NVD	id:	CVE-2018-0240

LAST UPDATE DATE

2024-11-23T22:22:06.766000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-16188	date:	2018-08-25T00:00:00
db:	VULHUB	id:	VHN-118442	date:	2019-10-09T00:00:00
db:	BID	id:	103934	date:	2018-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004425	date:	2019-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201804-1102	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0240	date:	2024-11-21T03:37:47.810

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-16188	date:	2017-08-24T00:00:00
db:	VULHUB	id:	VHN-118442	date:	2018-04-19T00:00:00
db:	BID	id:	103934	date:	2018-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004425	date:	2018-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201804-1102	date:	2018-04-19T00:00:00
db:	NVD	id:	CVE-2018-0240	date:	2018-04-19T20:29:00.817