Cisco Bug: CSCvh89340 - Cisco Firepower Threat Defense SSL Engine High CPU Denial Of Service Vulnerability

Last Modified

Dec 11, 2019

Products (32)

  • Cisco Firepower Management Center
  • Cisco FirePOWER Appliance 8260
  • Cisco FirePOWER Appliance 8120
  • Cisco Firepower Management Center 2500
  • Cisco FirePOWER Appliance 7050
  • Cisco FirePOWER Appliance 8360
  • Cisco FirePOWER Appliance 8130
  • Cisco FirePOWER Appliance 8350
  • Cisco FirePOWER Appliance 8140
  • Cisco AMP 8150

Known Affected Releases

6.2.1, 6.2.2.1

Description (partial)

Symptom:
A vulnerability in the SSL Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade device performance by triggering a persistent high CPU utilization condition.


- Side effect: the message "SFHA Input Thread: Error allocating a new N byte RX message (-28)" is logged continually, where N is the byte count of the allocation that failed. The high CPU utilization is the primary symptom; this message accompanies it.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower
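The side-effect log message above is the only concrete observable the bug report gives apart from CPU load, so a detection that watches for it repeating is worth having. The following Python script is an added example, not part of the Cisco bug report or advisory. It parses constructed syslog-style lines (the BSD-style prefix, host names and process tags are assumptions; adjust the prefix regex to the format your collector actually emits), matches the quoted message with the byte count left variable, and raises one alert per device when the message repeats at least a threshold number of times inside a sliding time window. Because the page describes the message as a side effect rather than the primary symptom, treat a hit as a prompt to check CPU utilization on that device rather than as proof of exploitation.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Message quoted in CSCvh89340. The "N byte" count varies per failed
# allocation, so it is captured instead of hard-coded.
RX_ALLOC_ERR = re.compile(
    r"SFHA Input Thread: Error allocating a new (?P<nbytes>\d+) byte RX message \(-28\)"
)

# Assumed BSD-style syslog prefix: "Mon DD HH:MM:SS host tag[pid]: message".
# This is an assumption about log formatting, not something the bug page states.
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)

# Constructed sample log (not captured from a real device). Host names and
# process tags are invented; only the quoted error message comes from the bug.
SAMPLE_LOG = """\
Apr 18 10:00:01 ftd-2110 sfha[2231]: SFHA Input Thread: Error allocating a new 4096 byte RX message (-28)
Apr 18 10:00:03 ftd-2110 sfha[2231]: SFHA Input Thread: Error allocating a new 4096 byte RX message (-28)
Apr 18 10:00:04 ftd-2110 sshd[2300]: Accepted publickey for admin from 10.1.1.5 port 51522
Apr 18 10:00:06 ftd-2110 sfha[2231]: SFHA Input Thread: Error allocating a new 8192 byte RX message (-28)
Apr 18 10:00:09 ftd-2110 sfha[2231]: SFHA Input Thread: Error allocating a new 4096 byte RX message (-28)
Apr 18 10:00:12 ftd-2110 sfha[2231]: SFHA Input Thread: Error allocating a new 4096 byte RX message (-28)
Apr 18 10:00:15 ftd-2110 sfha[2231]: SFHA Input Thread: Error allocating a new 4096 byte RX message (-28)
Apr 18 09:30:00 ftd-2120 sfha[1980]: SFHA Input Thread: Error allocating a new 4096 byte RX message (-28)
Apr 18 10:45:00 ftd-2120 sfha[1980]: SFHA Input Thread: Error allocating a new 4096 byte RX message (-28)
this line is not syslog formatted
"""


def parse_line(line, year=2018):
    """Split one syslog line into timestamp, host, tag and message; None if it
    does not match the assumed prefix."""
    m = SYSLOG_PREFIX.match(line)
    if m is None:
        return None
    # BSD syslog timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group("host"), "tag": m.group("tag"), "msg": m.group("msg")}


def find_persistent_rx_alloc_errors(lines, window=timedelta(seconds=60), threshold=5):
    """Return one alert per host whose RX-allocation errors repeat at least
    `threshold` times inside any span no longer than `window`.

    A single occurrence is not interesting; the bug report's symptom is the
    message being logged continually, hence the sliding-window count."""
    events = {}  # host -> [(timestamp, nbytes), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = RX_ALLOC_ERR.search(rec["msg"])
        if m is None:
            continue
        events.setdefault(rec["host"], []).append((rec["ts"], int(m.group("nbytes"))))

    alerts = []
    for host, evs in events.items():
        evs.sort()
        win = deque()
        for ts, nbytes in evs:
            win.append((ts, nbytes))
            # Drop events that fell out of the window relative to the newest one.
            while ts - win[0][0] > window:
                win.popleft()
            if len(win) >= threshold:
                alerts.append({
                    "host": host,
                    "first": win[0][0],
                    "last": ts,
                    "count": len(win),
                    "sizes": sorted({n for _, n in win}),
                })
                break  # one alert per host is enough to trigger a CPU check
    return alerts


if __name__ == "__main__":
    for a in find_persistent_rx_alloc_errors(SAMPLE_LOG.splitlines()):
        print(f"{a['host']}: {a['count']} RX allocation failures between "
              f"{a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}, sizes {a['sizes']}")
```

In the constructed sample, ftd-2110 logs the message six times in fifteen seconds and is flagged on the fifth occurrence, while ftd-2120 logs it twice, over an hour apart, and is not. The window and threshold are starting points; tune them against a baseline from devices that are not exhibiting the high-CPU condition.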

Conditions:
All three of the following must be true:

1) Firepower Threat Defense is running on a 2100 series platform.
2) Either of the following:
   a) the Access Control Policy has a Category or Reputation rule, and "Query Cisco CSI for Unknown URLs" is enabled; or
   b) a Malware and File policy with a Malware Block rule is present.
3) An SSL policy is enabled (even with no rules), or the Identity policy has an active authentication rule.