PT-2018-1302 · Cisco · Cisco Ftd

Published: 2018-04-18 · Updated: 2023-08-15 · CVE-2018-0230

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software versions 6.2.1 through 6.2.2

Description: A vulnerability in the internal packet-processing functionality could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The issue is due to the affected software improperly validating IP Version 4 (IPv4) and IP Version 6 (IPv6) packets after the software reassembles the packets. An attacker could exploit this by sending malicious, fragmented IPv4 or IPv6 packets to an affected device, potentially causing Snort processes to hang at 100% CPU utilization and resulting in a DoS condition until the device is reloaded manually.

Recommendations: For versions 6.2.1 and 6.2.2, consider disabling the affected packet-processing functionality until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of remote attackers sending malicious packets. As a temporary workaround, manually reload the device if it stops processing traffic due to the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Resource Exhaustion

Related Identifiers

BDU:2018-00800
CVE-2018-0230

Affected Products

Cisco Ftd