Executive Summary

Title Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability
Name cisco-sa-20150408-cxfp First vendor Publication 2015-04-08
Vendor Cisco Last vendor Modification 2015-04-08
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause the a reload of the affected system.

Cisco has released free software updates that address this vulnerability. The resolution includes upgrading the Cisco ASA FirePOWER Services Software or the Cisco ASA CX Services Software and the Cisco ASA Software. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp

Note: Cisco ASA Software is affected by several other vulnerabilities described in the Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software, cisco-sa-20150408-asa. Cisco ASA customers should review cisco-sa-20150408-asa before determining an upgrade release for Cisco ASA Software.

Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa

BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVSVUHopI1I6i1Mx3AQIyoA/+LQvVAb1/gU23W7r0uLdiv9YyIHJsVWl1 FeiGbiXTkyXGXL5ear+If/7mFA6PMpvM49mYAM7KvlWs/xcJnTc1iiH7kmT4636e LrlGBTRQDKCEMT2mscc2BJCdAbrpHc3VpCuJ+9DZ1rgOkafXOQxe5Y4+j7M7Rbit gt0wbr0u3lDydoaqyuj9fzVup1JJXC5HeHp5S7RUbXS2KBMHgze5xdxxtshsu4/y qgB/aE/QGIqkdEAIKtHFQ77t/EU/M1CQdoExGEG5LtCjqedkwgsXsBPLwEddaCv/ Jv7FRpaDhuOLxzi3n4LGsF+xKQDCI/0FGacZsUxi3XHznKoSwWeoAOxtpQZG9DF7 thyaTD0xa4Nw/5kaw+3yyVwyqigjuBhOWx83kf03P/MEO+x4FHEvEUHR6TLErkD0 E00KajL38Ci5DKZjQN3tb1IulbtmrMjGDmoFZiuCGhMiik1f7V1Q8Qi1wh2lVpek D38XYQTblbGmpr5voiEgZPL7aw/0JShM3WjXaXy/Qerue4qru/oY/YRmB5QG35dc 4AbpRzDAFyZOX6IrLlHUPTfMNPr8K0xHZn1B8/7dmuALtm2D+AEYFUitDzjII1Kn Z6Z9NM94PRexJ+S9DNDFxPVkgmmzlQdnRfBJzreb6K0IJFhpNjHKu+gCnKaanfjj tN9ezCk4DH8= =0yWw END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Os 18
Os 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-04-16 IAVM : 2015-A-0072 - Multiple Vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software
Severity : Category I - VMSKEY : V0059859

Alert History

If you want to see full details history, please login or register.
Date Informations
2015-10-18 17:22:08
  • Multiple Updates
2015-04-14 05:29:16
  • Multiple Updates
2015-04-08 21:25:57
  • First insertion