cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-0370,https://securityvulnerability.io/vulnerability/CVE-2018-0370,,"A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory and thus slow down traffic processing. The vulnerability is due to improper handling of traffic when the Secure Sockets Layer (SSL) inspection policy is enabled. An attacker could exploit this vulnerability by sending malicious traffic through an affected device. An exploit could allow the attacker to increase the resource consumption of a single instance of the Snort detection engine on an affected device. This will lead to performance degradation and eventually the restart of the affected Snort process. Cisco Bug IDs: CSCvi09219, CSCvi29845.",Cisco,Cisco Firepower Unknown,7.5,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2018-07-16T17:00:00.000Z,0
CVE-2018-0385,https://securityvulnerability.io/vulnerability/CVE-2018-0385,,"A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco Bug IDs: CSCvi36434.",Cisco,Cisco Firepower Unknown,7.5,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2018-07-16T17:00:00.000Z,0
CVE-2018-0365,https://securityvulnerability.io/vulnerability/CVE-2018-0365,,"A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750.",Cisco,Cisco Firepower Management Center Unknown,8.8,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2018-06-21T11:00:00.000Z,0
CVE-2018-0300,https://securityvulnerability.io/vulnerability/CVE-2018-0300,,"A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device. The vulnerability is due to insufficient validation during the application image upload process. An attacker could exploit this vulnerability by creating an application image containing malicious code and installing the image on the affected device using the CLI or web-based user interface (web UI). These actions occur prior to signature verification and could allow the attacker to create and execute arbitrary code with root privileges. Note: A missing or invalid signature in the application image will cause the upload process to fail, but does not prevent the exploit. Cisco Bug IDs: CSCvc21901.",Cisco,Cisco Firepower 4100 Series Next-generation Firewall And Firepower 9300 Security Appliance Unknown,7.2,HIGH,0.0026000000070780516,false,,false,false,false,,,false,false,,2018-06-21T11:00:00.000Z,0