CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-15388

HIGH
8.6
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile9.41th
Published2019年5月3日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition.

Affected Platforms (CPE)

📦
Cisco

Adaptive Security Appliance Software

< 9.4.4.34
💻
Cisco

Adaptive Security Appliance Software

>= 9.5 and < 9.6.4.25
💻
Cisco

Adaptive Security Appliance Software

>= 9.7 and < 9.8.4
💻
Cisco

Adaptive Security Appliance Software

>= 9.9 and < 9.9.2.50
📦
Cisco

Firepower Threat Defense

< 6.2.3.12

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos

関連する脆弱性情報

CVE-2013-550910.0

The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote...

CVE-2009-491910.0

Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attacker...

CVE-2009-491210.0

Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS c...

CVE-2013-551110.0

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x...