Skip to content
Medium Published: Feb 08, 2018 Modified: Nov 21, 2024

CVE-2018-0138

5.3 CVSS Score Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Export CVE-2018-0138 Data:
Share:
Link copied!

Description

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Affected Software Configurations

  • a cisco firepower_threat_defense 6.1.0 * * * * * * *
  • a cisco firepower_threat_defense 6.2.0 * * * * * * *
  • a cisco firepower_threat_defense 6.2.2 * * * * * * *
  • a cisco firepower_threat_defense 6.2.3 * * * * * * *

Weaknesses (CWE)

  • CWE-693
  • CWE-693

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2016-0772 CVSS 0 Same weakness: CWE-693 CVE-2017-8864 CVSS 0 Same weakness: CWE-693 CVE-2018-6794 CVSS 0 Same weakness: CWE-693 CVE-2018-0243 CVSS 0 Same weakness: CWE-693 CVE-2018-0244 CVSS 0 Same weakness: CWE-693

CVE History Timeline

Feb 14, 2018 02:29 CVE Modified
Mar 13, 2018 14:18 Initial Analysis
Oct 09, 2019 23:31 CVE Modified
May 14, 2024 04:50 CVE Modified
Nov 21, 2024 03:37 CVE Modified
← Back to CVE Tracker