First published: Wed Apr 28 2021(Updated: )
A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the device to an operational state. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-dos-nFES8xTN
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco FTD Software | >=6.5.0<=6.6.0<6.6.42>=Earlier than 6.2.2¹=6.2.2=6.2.3=6.3.0<=6.4.0<6.4.0.12 (May 2021) | 6.6.42 6.4.0.12 (May 2021) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is cisco-sa-fdm-dos-nFES8xTN.
The severity of cisco-sa-fdm-dos-nFES8xTN is medium with a score of 4.9.
An authenticated, remote attacker can exploit this vulnerability by exhausting filesystem resources of an affected device.
The affected software for cisco-sa-fdm-dos-nFES8xTN is Cisco Firepower Device Manager (FDM) Software version 6.2.2 and earlier versions up to 6.6.42 as well as 6.4.0 up to 6.4.0.12 (May 2021).
More information about this vulnerability can be found at the Cisco Security Advisory page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-dos-nFES8xTN