Sign-up

ID

VAR-201805-0519


CVE

CVE-2018-0283


TITLE

Cisco Firepower System Cryptographic vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-004608

DESCRIPTION

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327. Cisco Firepower System The software contains cryptographic vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvg99327 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The detection engine is one of the intrusion detection engines

Trust: 1.98

sources: NVD: CVE-2018-0283 // JVNDB: JVNDB-2018-004608 // BID: 104121 // VULHUB: VHN-118485

AFFECTED PRODUCTS

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.1.0

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.3

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.0

Trust: 1.0

vendor:ciscomodel:secure firewall management centerscope:eqversion:6.2.2

Trust: 1.0

vendor:ciscomodel:firepower management centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.0

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.1.0

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.2

Trust: 0.6

vendor:ciscomodel:firepower management centerscope:eqversion:6.2.3

Trust: 0.6

vendor:ciscomodel:firepower system softwarescope:eqversion:0

Trust: 0.3

sources: BID: 104121 // JVNDB: JVNDB-2018-004608 // CNNVD: CNNVD-201805-077 // NVD: CVE-2018-0283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0283
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0283
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-077
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118485
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0283
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118485
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0283
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118485 // JVNDB: JVNDB-2018-004608 // CNNVD: CNNVD-201805-077 // NVD: CVE-2018-0283

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

problemtype:CWE-319

Trust: 1.1

sources: VULHUB: VHN-118485 // JVNDB: JVNDB-2018-004608 // NVD: CVE-2018-0283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-077

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-077

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004608

PATCH
title:cisco-sa-20180502-fpwr-codpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp
Trust: 0.8
title:Cisco Firepower System Software detection Fixes for engine encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79813
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004608 // 
            
            
            
            CNNVD: CNNVD-201805-077

EXTERNAL IDS
db:NVDid:CVE-2018-0283
Trust: 2.8
db:BIDid:104121
Trust: 2.0
db:JVNDBid:JVNDB-2018-004608
Trust: 0.8
db:CNNVDid:CNNVD-201805-077
Trust: 0.6
db:VULHUBid:VHN-118485
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118485 // 
            
            
            
            BID: 104121 // 
            
            
            
            JVNDB: JVNDB-2018-004608 // 
            
            
            
            CNNVD: CNNVD-201805-077 // 
            
            
            
            NVD: CVE-2018-0283

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-fpwr-codp
Trust: 2.0
url:http://www.securityfocus.com/bid/104121
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0283
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0283
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118485 // 
            
            
            
            BID: 104121 // 
            
            
            
            JVNDB: JVNDB-2018-004608 // 
            
            
            
            CNNVD: CNNVD-201805-077 // 
            
            
            
            NVD: CVE-2018-0283

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 104121

SOURCES
db:VULHUBid:VHN-118485
db:BIDid:104121
db:JVNDBid:JVNDB-2018-004608
db:CNNVDid:CNNVD-201805-077
db:NVDid:CVE-2018-0283

LAST UPDATE DATE
2024-11-27T22:53:45.337000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118485date:2019-10-09T00:00:00
db:BIDid:104121date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004608date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-077date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0283date:2024-11-26T16:09:02.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-118485date:2018-05-02T00:00:00
db:BIDid:104121date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004608date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-077date:2018-05-02T00:00:00
db:NVDid:CVE-2018-0283date:2018-05-02T22:29:01.120