cisco-sa-20151116-fire

Cisco Firepower 9000 USB Kernel Denial of Service Vulnerability

cisco-sa-20151116-fire · Medium · Published 10 years ago · Updated 10 years ago

A vulnerability in the USB driver of Cisco Firepower 9000 could allow an unauthenticated, local attacker with physical access to the device to send invalid USB commands to the kernel and cause a denial of service (DoS) condition.   The vulnerability is due to insufficient sanitization of USB input parameters. An attacker could exploit this vulnerability by using crafted USB user inputs to send invalid USB commands to the kernel. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that mitigate this vulnerability.

CVEs	CVE-2015-6369
Cisco Bug IDs	CSCux10531
CVSS Score	Base 4.7 Base 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C
Product Names From Source	Cisco Firepower Extensible Operating System, Firepower Extensible Operating System

Related Products

Product	CVE	Evidence
Firepower Extensible Operating System	CVE-2015-6369	Cisco OpenVuln
Cisco Firepower Extensible Operating System	CVE-2015-6369	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Firepower 9000 USB Kernel Denial of Service Vulnerability

Workarounds

Related Products