How severe is CVE-2018-0281?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2018-0281?

This is classified as CWE-310, which is a common weakness in software security.

CVE-2018-0281 - MEDIUM Severity | CVSS 5.8

Vulnerability Description

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808.

Related Vulnerabilities

CVE-2018-0283

MEDIUM

CVSS:5.8(Medium)

CWE-3102018

CVE-2011-4723

MEDIUM

CVSS:5.7(Medium)

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.

CWE-3102011

CVE-2011-4667

MEDIUM

CVSS:5.9(Medium)

The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS ...

CWE-3102011

CVE-2012-6702

MEDIUM

CVSS:5.9(Medium)

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors inv...

CWE-3102012

CVE-2013-6673

MEDIUM

CVSS:5.9(Medium)

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it ea...

CWE-3102013

CVE-2014-2903

MEDIUM

CVSS:5.9(Medium)

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.

CWE-3102014