Executive Summary
| Summary | |
|---|---|
| Title | Multiple Vulnerabilities in Cisco ASA Software |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20150408-asa | First vendor Publication | 2015-04-08 |
| Vendor | Cisco | Last vendor Modification | 2015-04-08 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 8.3 | Attack Range | Adjacent network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 6.5 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA Failover Command Injection Vulnerability Cisco ASA DNS Memory Exhaustion Vulnerability Cisco ASA VPN XML Parser Denial of Service Vulnerability Successful exploitation of the Cisco ASA Failover Command Injection Vulnerability would allow an attacker to submit failover commands to the failover units, which may result in an attacker taking full control of the systems. Successful exploitation of the Cisco ASA DNS Memory Exhaustion Vulnerability may result in system instability and dropped traffic. Successful exploitation of the Cisco ASA VPN XML Parser Denial of Service Vulnerability may result in a crash of the WebVPN process, which may lead to the reset of all SSL VPN connections, system instability, and a reload of the affected system. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for the Cisco ASA Failover Command Injection Vulnerability and Cisco ASA DNS Memory Exhaustion Vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVSVT84pI1I6i1Mx3AQJwxw//as14VQOywXvym9zWeAnTr/znAvfoBlKx W4GkFk+00lI7n39cc9AD4qsTSBi+LJjDSc/Qsp2ocJVislsTrE57KG4oPP9mQS7f 1RU7Z8eDZLYH5rcU/Gb7dahIs0GLNr3ZO4m1ArA01J49W5wCN6R6PL4Qt2H41RNT +/Xo+ULufjKEIub+6hqsF4AyTB3Hg/S8u/NHrRn6xi+SPUv83JwAPTGRiJjZkWrD Q7N7vLTTj6kNhtDbn2AO0N5j0ZfHf/DAPs6lsR3Q7tcF+eJVMEKNFczSQWCWEiq4 gejIu6Hg4dY6gZsr+0aGx9plPYdp4Ofeu8JrhSPQbkUcnZ7RUjKnPwMcUIvETG3C 0FGsFsEC2DQtJJ8/SRDHWfDEb2p+ROlqGVKmGaYoavxFdPPOlvBDo4Mmhiy61Y5y orjqJk7iCBAv8VUDp9H6A1TkewXA6VHXKpXKbZ3vx+/JsmqQb1cSKVfSQMiiGPu/ +0OHZvyaOh2GGGnit6qk1/1sUerDZNLjlTeQ+TYDwPRGIeduwJfibnaXLp9wOkTv UoicR7laeB9oqwWpUxzmH6J5NrFdb2rP8ZgH8f1QDB3bHAJFmQ4Pp9ZkhydEMxAH 7ZyK2FmwElXVrqd7tqgrY5VUcsgKwTH6/SRD7Et+MAAhKFueDKQC3FJkfELzUk9D h4MUiEy8rJ0= =n67F END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 67 % | CWE-20 | Improper Input Validation |
| 33 % | CWE-284 | Access Control (Authorization) Issues |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-04-16 | IAVM : 2015-A-0072 - Multiple Vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software Severity : Category I - VMSKEY : V0059859 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-04-10 | Cisco ASA memory exhaustion denial of service attempt RuleID : 34051 - Revision : 1 - Type : PROTOCOL-DNS |
| 2014-11-16 | Cisco ASA SCPS command injection attempt RuleID : 32106 - Revision : 2 - Type : SERVER-OTHER |
| 2014-03-15 | XML exponential entity expansion attack attempt RuleID : 29800 - Revision : 4 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-04-17 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20150408-asa.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2015-10-18 17:22:08 |
|
| 2015-04-18 13:26:44 |
|
| 2015-04-14 00:28:37 |
|
| 2015-04-10 21:25:46 |
|
| 2015-04-08 21:30:45 |
|
| 2015-04-08 21:25:56 |
|
