Executive Summary
| Summary | |
|---|---|
| Title | Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20151021-asa-ike | First vendor Publication | 2015-10-21 |
| Vendor | Cisco | Last vendor Modification | 2015-10-21 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper handling of Internet Security Association and Key Management Protocol (ISAKMP) packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. A successful exploit could allow the attacker to cause an affected system to reload. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWJ6PHAAoJEIpI1I6i1Mx3pt4P/1sUeHJRsiJXH6Pga4YzUgcV h8qqo8k+GWv5/yqEwaJOV6TubBjkqKL+noGEpJCFTJhfvYYEhKDkusYlAf3KJChS k49XEOSmufhoNEYqMrBVhTovvYomhyA+pMWxk6TBWx2J7foYkve7GzQKLz5UUlgw 2Un5MM6eYQvbYyrr0fCqS46jJ9d8cZdwMZdW6KBgqe2EnSwM9ZgHZrMJkR2hh5pF wm3Gr1hvKANVL44EEEdd2O/x2eiBsduP0+fP1pxLVgmMZ/qh/E+fCEOpMke6pJHl r5i/hJUJ3Eb0sB9wFtxQGrHWsEyLzyNx+4y7inZb1ZB4wwEYsuAMTUhtNFHvZANY Krh6xZ+LtJ34+ZzZ4umlBBJWEX3RR2AKo+sLUGDZ9GcqUuF8YplhvJ1QDM0+aJxA bRkfZgfHYEeQd/PVCavjjpTqeE8Y8dbqQKRriNSHB0+DxMt0tYDWWswMdxskqvhL f4uaS2nl00Z8OzLeDTCce0t9bYdIQiG3VRya4iUM1+K4fOqhoxPMekX3pCXKP1Jt 2YpGFDkT8NW6nS40oz10kXo7sARERJdCy3+pQZbbN0PzygbeOAFJ/wND2s5t7Z2/ oeDumB3rGnxxTOwtOe8iPaT2hub8oh2zMs/aT9I+uvZqdSNt7ev1K2u8zuaC/gne Lft0MNDnWp3Gn0ARWMho =GjNO END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-09-15 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20151021-asa-ike.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-09-16 13:24:48 |
|
| 2015-10-26 21:27:33 |
|
| 2015-10-21 21:22:18 |
|
