5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.019 Low
EPSS
Percentile
88.5%
Problem description:
The firewall maintains a pointer to layer 4 header
information in the event that it needs to send a TCP reset
or ICMP error message to discard packets. Due to incorrect
handling of IP fragments, this pointer fails to get
initialized.
Impact:
An attacker can cause the firewall to crash by sending ICMP
IP fragments to or through firewalls which match any reset,
reject or unreach actions.
Workaround:
Change any reset, reject or unreach actions to deny. It
should be noted that this will result in packets being
silently discarded.