Executive Summary
Summary | |
---|---|
Title | Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160309-csc | First vendor Publication | 2016-03-09 |
Vendor | Cisco | Last vendor Modification | 2016-03-09 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module (CSC-SSM) could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due to improper handling of HTTPS packets transiting through the affected system. An attacker could exploit this vulnerability by sending HTTPS packets through the affected system at high rate. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-csc BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2 Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW4CazAAoJEK89gD3EAJB5o5YQAMQYMbfDew3kqQ9ntfXBuySb suvOc20TJ+/mOJ+nbxa/afXaTh3wYIdgVBoGT8ekxGm4X5KZPVfJ5clV6HFxNRNd M5C+EFXPL3396k9ec3lipGGR2a4wzLKoQY9sKjeNyY3Nq1pumTTY3iPcltMEDfaN VM5FrRJIdCCKEJvoLmdZa7vLkt9O3aqXKlJQuoHcYmYcTnUrF8Lc9KsO/A3CMDLk EnTZrtXyiagNn3uB7nMYDiIwFMEFt+MJSIDh1Fr8Hpd/eRLv8nWetLvfuhfwdGmC lREb/ozJB9pDrutxVV7DYUKEEakFdxeBBxGGwcUAIOY99RjBwvPZqw08rd3jNWI3 K7DTYptb2cOCMNMGaaUO3Ei2u4hpgL//Dv9Ug3wh87S6hThKriMvtRNL1895BxBP HkNWrRVvJmczXo9AfY6XOIej4FbQ4Is13WyH/oR4X8vkuhD7ZcGsfQFK7e1d/Kw8 ShXr7bp+XhPBtOfKs4ETISZ9zREVlrKh7MKb4TJtFIKSIQ/WKXvFALWXDBEAueO8 r+ngNmHzTzpcG2laL8t/M2dxRKL6Dl9zK5LhsqbrgLHi/9d/iAlid65ri4R+hcao UcOfLsO+ag9gpLc4eeoJOFGy7Vzfss712B/gqW8DKXFo0yhf0YWBQeDTNO6DOpeZ hckk5kAkrcFSBoJowmC1 =K437 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-21 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160309-csc.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-22 13:25:55 |
|
2016-03-17 00:27:24 |
|
2016-03-09 17:27:49 |
|
2016-03-09 17:23:03 |
|