Podatność CVE-2021-34781


Publikacja: 2021-10-27

Opis:
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.

Typ:

CWE-755

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
7.1/10
6.9/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Pełny
Affected software
Cisco -> Firepower management center virtual appliance 
Cisco -> Firepower threat defense 
Cisco -> Sourcefire defense center 

 Referencje:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-rUDseW3r

Copyright 2024, cxsecurity.com

 

Back to Top