CVE-2018-15390 vulnerability in Cisco Products
Published on October 5, 2018
Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition.
Weakness Type
Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
Products Associated with CVE-2018-15390
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-15390 are published in these products:
Affected Versions
Cisco Firepower Threat Defense Software Version n/a is affected by CVE-2018-15390Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.