1. Home
  2. CVE Database
  3. CVE-2018-15388
HIGH · 8.6

CVE-2018-15388

A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cau...

Vulnerability Description

A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition.

CVSS Score

8.6

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoAdaptive Security Appliance Software< 9.4.4.34
CiscoAsa 5505-
CiscoAsa 5510-
CiscoAsa 5512-X-
CiscoAsa 5515-X-
CiscoAsa 5520-
CiscoAsa 5525-X-
CiscoAsa 5540-
CiscoAsa 5545-X-
CiscoAsa 5550-
CiscoAsa 5555-X-
CiscoAsa 5580-
CiscoAsa 5585-X-
CiscoFirepower Threat Defense< 6.2.3.12

Related Weaknesses (CWE)

CWE-400

References

FAQ

What is CVE-2018-15388?

CVE-2018-15388 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cau...

How severe is CVE-2018-15388?

CVE-2018-15388 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15388?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software, Cisco Asa 5505, Cisco Asa 5510, Cisco Asa 5512-X, Cisco Asa 5515-X.