CVE-2018-0231
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
19/04/2018
Last modified:
15/08/2023
Description
A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device. This vulnerability affects Cisco ASA Software and Cisco FTD Software that is running on the following Cisco products: Adaptive Security Virtual Appliance (ASAv), Firepower Threat Defense Virtual (FTDv), Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCve18902, CSCve34335, CSCve38446.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8\(1\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:98.1\(1.154\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* | 6.0 (including) | 6.1.0.6 (excluding) |
| cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* | 6.2.1 (including) | 6.2.2.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page