How severe is CVE-2018-15399?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2018-15399?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2018-15399

MEDIUM Year: 2018

CVSS v3 Score

6.8

Medium

CVSS v2 Score

7.1

High

Weakness Type

CWE-400

View all →

Vulnerability Description

A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.

CVE-2016-6172

MEDIUM

CVSS:6.8(Medium)

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR...

CWE-4002016

CVE-2018-20169

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core...

CWE-4002018

CVE-2019-1814

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the interactions between the DHCP and TFTP features for Cisco Small Business 300 Series (Sx300) Managed Switches could allow an unauthenticated, remote attacker to cause the device ...

CWE-4002019

CVE-2020-3132

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of ...

CWE-4002020

CVE-2020-3305

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an u...

CWE-4002020

CVE-2020-3306

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a deni...

CWE-4002020

CVE-2018-15399

Vulnerability Description

Related Vulnerabilities

CVE-2016-6172

CVE-2018-20169

CVE-2019-1814

CVE-2020-3132

CVE-2020-3305

CVE-2020-3306