Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-1489— Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability

EPSS 0.25% · P48
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-1489

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the device to an operational state.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Firepower Device Manager 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Firepower Device Manager(FDM)是美国思科(Cisco)公司的一款防火墙设备管理器。该产品支持访问规则配置、系统监控等功能。 Cisco Firepower Device Manager 存在资源管理错误漏洞,该漏洞允许经过身份验证的远程攻击者可利用该漏洞耗尽文件系统资源,导致受影响的设备出现拒绝服务(DoS)状态。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco Firepower Threat Defense Software n/a -

II. Public POCs for CVE-2021-1489

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-1489

登录查看更多情报信息。

Same Patch Batch · Cisco · 2021-04-29 · 17 CVEs total

CVE-2021-14458.6 HIGHCisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Servi
CVE-2021-15018.6 HIGHCisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP
CVE-2021-15048.6 HIGHCisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Servi
CVE-2021-14938.5 HIGHCisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Servi
CVE-2021-14766.7 MEDIUMCisco Adaptive Security Appliance Software and Firepower Threat Defense Software Command I
CVE-2021-14886.7 MEDIUMCisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firep
CVE-2021-12566.0 MEDIUMCisco Firepower Threat Defense Software Command File Overwrite Vulnerability
CVE-2021-14955.8 MEDIUMMultiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
CVE-2021-13695.4 MEDIUMCisco Firepower Device Manager On-Box Software XML External Entity Vulnerability
CVE-2021-14564.8 MEDIUMCisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
CVE-2021-14574.8 MEDIUMCisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
CVE-2021-14584.8 MEDIUMCisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
CVE-2021-14774.3 MEDIUMCisco Firepower Management Center Software Policy Vulnerability
CVE-2021-1402Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerabil
CVE-2021-1448Cisco Firepower Threat Defense Software Command Injection Vulnerability
CVE-2021-1455Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

IV. Related Vulnerabilities

Same product: Cisco Firepower Threat Defense Software
Same vendor: Cisco
Same weakness: CWE-400

V. Comments for CVE-2021-1489

No comments yet

Leave a comment