Cisco ASA/FTD DMA Memory Overflow DoS Vulnerability Advisory (CVE-2018-15383)

From this web page screenshot, we can extract the following key information about the vulnerability: Vulnerability Title: - Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability Severity: - High Summary: - This vulnerability exists in the encryption hardware accelerator driver of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software. A remote attacker can send a high volume of malicious traffic, causing affected devices to experience memory overflow, leading to device reboots and resulting in a temporary Denial of Service (DoS) condition. Affected Products: - Includes ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, and ASA 5516-X devices that have FirePOWER Services installed. - Also affects products that do not have FirePOWER Services installed or enabled. Fixed Software: - Cisco has released software updates to address this vulnerability. Risk Assessment (CVSS Score): - Base: 8.6 Vulnerability ID: - cisco-sa-20181003-asa-dma-dos - CVE-2018-15383 - Related to CWE-770 Version and Update Time: - Version 1.1: Final - Last Updated: October 29, 2018, 14:02 GMT Cisco Bug ID: - CSCvj89470 Vulnerability Description: - Under low memory conditions, the affected software improperly handles resources. When the affected software is unable to allocate DMA memory, it may cause the device to crash and reboot, resulting in a temporary DoS condition. Fixes (Fixed Releases): - Lists of fixed ASA software and FTD software releases are provided. - Examples of commands to check device logs and status are included.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco ASA/FTD DMA Memory Overflow DoS Vulnerability Advisory (CVE-2018-15383)