PT-2018-2133 · Cisco · Cisco Ftd

Published: 2018-10-03 · Updated: 2020-08-31 · CVE-2018-15390

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description

A vulnerability in the FTP inspection engine could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This occurs because the software fails to release spinlocks when a device is running low on system memory, specifically when configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this by sending a high rate of transit traffic through an affected device to cause a low-memory condition, potentially leading to a software panic and a temporary DoS condition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Locking


Weakness Enumeration

Related Identifiers

BDU:2019-00085
CVE-2018-15390

Affected Products

Cisco Ftd