Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-20155

Опубликовано: 01 нояб. 2023
Источник: nvd
CVSS3: 7.5
CVSS3: 6.5
EPSS Низкий

Описание

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 6.2.3 (включая) до 6.2.3.18 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 6.4.0 (включая) до 6.4.0.16 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 6.6.0 (включая) до 6.6.7.1 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.0.5 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 7.1.0 (включая) до 7.1.0.3 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 7.2.0 (включая) до 7.2.3.1 (включая)
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Версия от 7.3.0 (включая) до 7.3.1.1 (включая)

EPSS

Процентиль: 59%
0.00386
Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-770
CWE-400

Связанные уязвимости

github логотип

GHSA-mf9w-w633-hm7w

CVSS3: 7.5
github
больше 2 лет назад

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.

fstec логотип

BDU:2023-08156

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость реализации прикладного программного интерфейса программного обеспечения администрирования сети Cisco Firepower Management Center (FMC), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 59%
0.00386
Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-770
CWE-400