What is the severity of CVE-2018-0385?

CVE-2018-0385 has been classified with a CVSS score indicating a moderately high severity due to its potential for denial of service.

How do I fix CVE-2018-0385?

To fix CVE-2018-0385, users should update Cisco Firepower System Software to the latest available version as recommended by Cisco's security advisory.

What type of attack does CVE-2018-0385 enable?

CVE-2018-0385 allows an unauthenticated remote attacker to cause a denial of service condition by triggering a restart of the Snort process.

Which Cisco products are affected by CVE-2018-0385?

CVE-2018-0385 affects multiple versions of Cisco Secure Firewall Management Center and Cisco Firepower Management Center Software.

Is CVE-2018-0385 remotely exploitable?

Yes, CVE-2018-0385 is remotely exploitable without authentication, making it a serious concern for affected Cisco systems.

Vulnerability/
CVE-2018-0385

high

7.5

CWE

20 399

16/7/2018

29/11/2024

CVE-2018-0385: Input Validation

First published: Mon Jul 16 2018(Updated: 5 months ago)

A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco Bug IDs: CSCvi36434.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Secure Firewall Management Center	=5.4.0
Cisco Secure Firewall Management Center	=6.0.0
Cisco Secure Firewall Management Center	=6.1.0
Cisco Secure Firewall Management Center	=6.2.0
Cisco Secure Firewall Management Center	=6.2.2
Cisco Secure Firewall Management Center	=6.2.3
Cisco Secure Firewall Management Center	=6.3.0
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=5.4.0
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.0.0
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.1.0
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.2.0
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.2.2
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.2.3
Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software	=6.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-0385?
CVE-2018-0385 has been classified with a CVSS score indicating a moderately high severity due to its potential for denial of service.
How do I fix CVE-2018-0385?
To fix CVE-2018-0385, users should update Cisco Firepower System Software to the latest available version as recommended by Cisco's security advisory.
What type of attack does CVE-2018-0385 enable?
CVE-2018-0385 allows an unauthenticated remote attacker to cause a denial of service condition by triggering a restart of the Snort process.
Which Cisco products are affected by CVE-2018-0385?
CVE-2018-0385 affects multiple versions of Cisco Secure Firewall Management Center and Cisco Firepower Management Center Software.
Is CVE-2018-0385 remotely exploitable?
Yes, CVE-2018-0385 is remotely exploitable without authentication, making it a serious concern for affected Cisco systems.

agent/references
agent/type
agent/severity
agent/weakness
agent/first-publish-date
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco secure firewall management center
version/cisco secure firewall management center/5.4.0
version/cisco secure firewall management center/6.0.0
version/cisco secure firewall management center/6.1.0
version/cisco secure firewall management center/6.2.0
version/cisco secure firewall management center/6.2.2
version/cisco secure firewall management center/6.2.3
version/cisco secure firewall management center/6.3.0
canonical/cisco firepower management center (fmc) and firepower threat defense (ftd) software
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/5.4.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.0.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.1.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.2.0
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.2.2
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.2.3
version/cisco firepower management center (fmc) and firepower threat defense (ftd) software/6.3.0