漏洞标题
思科FTD、FMC和FXOS软件插件身份验证模块拒绝服务漏洞
漏洞描述信息
Cisco Firepower 威胁防御(FTD)软件、Cisco Firepower 管理中心(FMC)软件和 Cisco FXOS 软件中使用的可插拔身份验证模块(PAM)的配置存在漏洞,该漏洞可能允许经过身份验证的远程攻击者导致拒绝服务(DoS)状况。该漏洞是由于在用户会话管理的上下文中资源管理不当导致的。攻击者可能通过连接到受影响的系统并执行多个同时成功的 Secure Shell (SSH) 登录来利用此漏洞。成功的利用可能导致攻击者耗尽系统资源并导致设备重新加载,从而引发 DoS 状况。要利用此漏洞,攻击者需要系统上的有效用户凭据。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
漏洞描述信息
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.
CVSS信息
N/A
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
Cisco Firepower Threat Defense、Cisco Firepower Management Center和FXOS Software Pluggable Authentication Module 资源管理错误漏洞
漏洞描述信息
Cisco FTD、Cisco FMC和FXOS Software中的Pluggable Authentication Module的配置存在资源管理错误漏洞。远程攻击者可通过连接到受影响设备并同时进行多个SSH登录利用该漏洞造成拒绝服务。
CVSS信息
N/A
漏洞类别
其他