Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:cisco:adaptive_security_appliance_software:98.1\(1.154\):*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-0231 |
A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device. This vulnerability affects Cisco ASA Software and Cisco FTD Software that is running on the following Cisco products: Adaptive Security Virtual Appliance (ASAv), Firepower Threat Defense Virtual (FTDv), Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCve18902, CSCve34335, CSCve38446. Published: April 19, 2018; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 7.8 HIGH |