Cisco Firepower Threat Defense Software SNMP DoS (cisco-sa-ftd-snmp-dos-R8ENPbOs)

high Nessus Plugin ID 152485

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability in the Simple Network Management Protocol (SNMP) input packet processor that could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition. This vulnerability affects all versions of SNMP.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvu80370

See Also

http://www.nessus.org/u?3f8dd6a4

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu80370

Plugin Details

Severity: High

ID: 152485

File Name: cisco-sa-ftd-snmp-dos-R8ENPbOs.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 8/11/2021

Updated: 3/31/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-3533

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:firepower_threat_defense, cpe:/a:cisco:firepower_threat_defense

Required KB Items: installed_sw/Cisco Firepower Threat Defense

Exploit Ease: No known exploits are available

Patch Publication Date: 10/21/2020

Vulnerability Publication Date: 10/21/2020

Reference Information

CVE: CVE-2020-3533

CWE: 400

CISCO-SA: cisco-sa-ftd-snmp-dos-R8ENPbOs

IAVA: 2020-A-0488-S

CISCO-BUG-ID: CSCvu80370