Sign-up

ID

VAR-201805-0518


CVE

CVE-2018-0281


TITLE

Cisco Firepower System Cryptographic vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-004607

DESCRIPTION

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808. Cisco Firepower System The software contains cryptographic vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvg97808 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.98

sources: NVD: CVE-2018-0281 // JVNDB: JVNDB-2018-004607 // BID: 104096 // VULHUB: VHN-118483

AFFECTED PRODUCTS

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.1

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.1.0

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.0

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.2

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.3

Trust: 1.0

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 0.9

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 0.9

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.1

Trust: 0.9

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0

Trust: 0.6

vendor:ciscomodel:firepower system softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:firepower management centerscope:eqversion:6.1

Trust: 0.3

sources: BID: 104096 // JVNDB: JVNDB-2018-004607 // CNNVD: CNNVD-201805-078 // NVD: CVE-2018-0281

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0281
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0281
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-078
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118483
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0281
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118483
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0281
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118483 // JVNDB: JVNDB-2018-004607 // CNNVD: CNNVD-201805-078 // NVD: CVE-2018-0281

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

problemtype:CWE-319

Trust: 1.1

sources: VULHUB: VHN-118483 // JVNDB: JVNDB-2018-004607 // NVD: CVE-2018-0281

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-078

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004607

PATCH
title:cisco-sa-20180502-fpwr-txdosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-txdos
Trust: 0.8
title:Cisco Firepower System Software Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79814
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004607 // 
            
            
            
            CNNVD: CNNVD-201805-078

EXTERNAL IDS
db:NVDid:CVE-2018-0281
Trust: 2.8
db:BIDid:104096
Trust: 2.0
db:JVNDBid:JVNDB-2018-004607
Trust: 0.8
db:CNNVDid:CNNVD-201805-078
Trust: 0.6
db:VULHUBid:VHN-118483
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118483 // 
            
            
            
            BID: 104096 // 
            
            
            
            JVNDB: JVNDB-2018-004607 // 
            
            
            
            CNNVD: CNNVD-201805-078 // 
            
            
            
            NVD: CVE-2018-0281

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-fpwr-txdos
Trust: 2.0
url:http://www.securityfocus.com/bid/104096
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0281
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0281
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118483 // 
            
            
            
            BID: 104096 // 
            
            
            
            JVNDB: JVNDB-2018-004607 // 
            
            
            
            CNNVD: CNNVD-201805-078 // 
            
            
            
            NVD: CVE-2018-0281

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 104096

SOURCES
db:VULHUBid:VHN-118483
db:BIDid:104096
db:JVNDBid:JVNDB-2018-004607
db:CNNVDid:CNNVD-201805-078
db:NVDid:CVE-2018-0281

LAST UPDATE DATE
2024-11-27T22:54:58.759000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118483date:2019-10-09T00:00:00
db:BIDid:104096date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004607date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-078date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0281date:2024-11-26T16:09:02.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-118483date:2018-05-02T00:00:00
db:BIDid:104096date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004607date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-078date:2018-05-02T00:00:00
db:NVDid:CVE-2018-0281date:2018-05-02T22:29:01.027