Executive Summary
| Summary | |
|---|---|
| Title | Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20161019-asa-ca | First vendor Publication | 2016-10-19 |
| Vendor | Cisco | Last vendor Modification | 2016-10-19 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.1 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBWAeXh689gD3EAJB5AQLS6Q/+MeNTBcCHRaBRbNs3PYprDG+Xitotjnjh fR05wuy88NUaC8hpO2rdRvXr46nh+uihdMtsPQKxFVMOGNV5Rti3aOsynYAxsDDY 9XqmMfn4ZiXHM/VPaglwzhmXibgtlVpGFy3q6YD0JRsPtHPqmBTFYVnvhPhP6LsX XUK5ZyoGRWOIo3T+hlXACHVRs+ZYnhR9uTswtc5Y4PLrv8yZFq+jb+N97wcDqc9A XfX4QIcZydfmRAX+qeZrtNgBefizXuQJNStYK6QmSC87DCjItiVAejU/gT56ghcw mQMaX2BiES2hsJnbdfCvA4lc733KRnnrb+6i/T4/HDrQLjtjsIgxoe7MaXOTKc0T OJaq0K96fZKLF7koIo71fIUq/c1ZUXgx12kI8sXFKSaYc2H9m+2nZKe0BCja5tlK D/r2S9ulUxixL1PVNfoBaO+5eYOFVfOXVRcn/ISbvFtvTVNERvkeqpZpHv2GMMqn xKXjcUTaBgDojgbeNt+D2325Fa0+DDFJmWbRmjA0qDu8aUCAgIEk2ocwKWpsLl/j rWHot3sgBFmRra2NmXuEJrYIVlJzMUNofPMI2IWUtvq6aPt7KihJcE0YIbKOIXGF 9ldK+vUDRwvnRiNI+IGjDlP3ZWER/b15U6YtXC1K6K0PyuVx6ic6Nh/voCuyCofO FpkTHLdOlV8= =jPap END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-10-20 | Cisco ASA Crypto CA Server out of bounds read attempt RuleID : 40498 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-10-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20161019-asa-ca.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-10-29 00:25:21 |
|
| 2016-10-28 17:24:57 |
|
| 2016-10-27 13:26:38 |
|
| 2016-10-19 21:21:25 |
|
