CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.

Published: 2019-10-02 19:15
Updated: 2019-10-11 12:44

CVSS Score: 6.8 / 10
Vendor Product Version URI
Cisco Firepower Management Center 6.1.0 cpe:/a:cisco:firepower_management_center:6.1.0
Cisco Firepower Management Center 6.2.3.6 cpe:/a:cisco:firepower_management_center:6.2.3.6
Cisco Firepower Threat Defense 6.1.0 cpe:/a:cisco:firepower_threat_defense:6.1.0
Cisco Firepower Threat Defense 6.2.0 cpe:/a:cisco:firepower_threat_defense:6.2.0
Cisco Firepower Threat Defense 6.2.0.1 cpe:/a:cisco:firepower_threat_defense:6.2.0.1
Cisco Firepower Threat Defense 6.2.0.2 cpe:/a:cisco:firepower_threat_defense:6.2.0.2
Cisco Firepower Threat Defense 6.2.0.3 cpe:/a:cisco:firepower_threat_defense:6.2.0.3
Cisco Firepower Threat Defense 6.2.0.4 cpe:/a:cisco:firepower_threat_defense:6.2.0.4
Cisco Firepower Threat Defense 6.2.0.5 cpe:/a:cisco:firepower_threat_defense:6.2.0.5
Cisco Firepower Threat Defense 6.2.1 cpe:/a:cisco:firepower_threat_defense:6.2.1
Cisco Firepower Threat Defense 6.2.2 cpe:/a:cisco:firepower_threat_defense:6.2.2
Cisco Firepower Threat Defense 6.2.2.1 cpe:/a:cisco:firepower_threat_defense:6.2.2.1
Cisco Firepower Threat Defense 6.2.2.2 cpe:/a:cisco:firepower_threat_defense:6.2.2.2
Cisco Firepower Threat Defense 6.2.2.3 cpe:/a:cisco:firepower_threat_defense:6.2.2.3
Cisco Firepower Threat Defense 6.2.2.4 cpe:/a:cisco:firepower_threat_defense:6.2.2.4
Cisco Firepower Threat Defense 6.2.2.5 cpe:/a:cisco:firepower_threat_defense:6.2.2.5
Cisco Firepower Threat Defense 6.2.3 cpe:/a:cisco:firepower_threat_defense:6.2.3
Cisco Firepower Threat Defense 6.2.3.1 cpe:/a:cisco:firepower_threat_defense:6.2.3.1
Cisco Firepower Threat Defense 6.2.3.2 cpe:/a:cisco:firepower_threat_defense:6.2.3.2
Cisco Firepower Threat Defense 6.2.3.3 cpe:/a:cisco:firepower_threat_defense:6.2.3.3
Cisco Firepower Threat Defense 6.2.3.4 cpe:/a:cisco:firepower_threat_defense:6.2.3.4
Cisco Firepower Threat Defense 6.2.3.5 cpe:/a:cisco:firepower_threat_defense:6.2.3.5
Cisco Firepower Threat Defense 6.2.3.6 cpe:/a:cisco:firepower_threat_defense:6.2.3.6
Cisco Firepower Threat Defense 6.2.3.7 cpe:/a:cisco:firepower_threat_defense:6.2.3.7
Cisco Firepower Threat Defense 6.2.3.9 cpe:/a:cisco:firepower_threat_defense:6.2.3.9
Cisco Firepower Threat Defense 6.2.3.10 cpe:/a:cisco:firepower_threat_defense:6.2.3.10
Cisco Firepower Threat Defense 6.2.3.11 cpe:/a:cisco:firepower_threat_defense:6.2.3.11
Cisco Firepower Threat Defense 6.2.3.12 cpe:/a:cisco:firepower_threat_defense:6.2.3.12
Cisco Firepower Threat Defense 6.2.3.13 cpe:/a:cisco:firepower_threat_defense:6.2.3.13
Cisco Firepower 9300 Firmware r114 cpe:/o:cisco:firepower_9300_firmware:r114
Cisco Firepower 9300 Firmware r241 cpe:/o:cisco:firepower_9300_firmware:r241
Cisco Fxos 2.2 cpe:/o:cisco:fxos:2.2

CWE

CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion'). The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.

History of changes

Date Event
2019-10-11 12:44
2019-10-02 19:17 New CVE