Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.

Published

2019-10-02T19:15:13.810

Last Modified

2024-11-26T16:09:02.407

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-400
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	firepower_9300_firmware	r114	Yes
Operating System	cisco	firepower_9300_firmware	r241	Yes
Hardware	cisco	firepower_9300	-	No
Operating System	cisco	firepower_extensible_operating_system	≤ 2.2	Yes
Operating System	cisco	firepower_extensible_operating_system	< 2.3.1.155	Yes
Operating System	cisco	firepower_extensible_operating_system	< 2.6.1.131	Yes
Application	cisco	firepower_threat_defense	≤ 6.1.0	Yes
Application	cisco	firepower_threat_defense	< 6.2.3.14	Yes
Application	cisco	secure_firewall_management_center	≤ 6.1.0	Yes
Application	cisco	secure_firewall_management_center	< 6.2.3.14	Yes
Hardware	cisco	firepower_1000	-	No
Hardware	cisco	firepower_2100	-	No
Application	cisco	firepower_threat_defense	≤ 6.1.0	Yes
Application	cisco	firepower_threat_defense	< 6.2.2.5	Yes
Application	cisco	firepower_threat_defense	< 6.2.3.7	Yes
Application	cisco	secure_firewall_management_center	≤ 6.1.0	Yes
Application	cisco	secure_firewall_management_center	< 6.2.3.14	Yes
Application	cisco	secure_firewall_management_center	< 6.2.3.7	Yes

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)