Executive Summary
Summary | |
---|---|
Title | Cisco ASA Software DNS Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20151021-asa-dns1 | First vendor Publication | 2015-10-21 |
Vendor | Cisco | Last vendor Modification | 2015-10-21 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the DNS code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to reload. The vulnerability is due to improper processing of DNS packets. An attacker could exploit this vulnerability by sending a request to an affected Cisco ASA appliance to cause it to generate a DNS request packet. The attacker would need to spoof the reply packet with a crafted DNS response. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns1 BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWJ6LqAAoJEIpI1I6i1Mx3HcIP/it+mJrwA1HBmMJsMIKN9BzU 69nr9HTUKe7bWltdczKc8AwdRt3Soo7ZRdXXEFhaRXPu9/+DEE6HDCh2a5VL71eH k86KEip4KN2kKQtGyuZ/KECAVOm63dJgeP6iqbzR5WOvzxlnc2fcEZ9ZoPLXLdQM 1PadAOTO0pf+AxfgahbO+hG1qchNTElh6WkuvEDDlwiTKcSpBUoDWoFG80AqYCu +rq8tJuvofI1Wu4vkErMkChWvNiXS/+Kw4xsi0H+QonnNZALfuHAArG14DRid9Aw0 8zEOBJ+gczii+Ab1FgpYaglxCTfzFgIqoC0lWHpQvtlKDjvwtYqyPZHEjtcj0G6H t3D4rQEhyvOZ4SfDU78bMIsd4NclQiMC8y17E4gifaThcB5PT1c5Cw/7airtl/XJ gJUm6CNHnzkTyEQ1xUX4qzZ4fUwIitwNft+RVcpZ1oTX6Kb2KaGeRPtMR1b5JNqt ex+1I5T6GI5GQpPIFTo9tR0ZoVA1y8krj4FUu1SRrRGyBHXoz/5ZMSB/iJ5Ypsc3 a91LF+2tezaxUw641SqsuxoJSzBiJxw60DhvqS5laT3Gs+mVvcAYTskA95DI7aXH YlFF0/0fWayPDZpfwmUHJ6P+PSgDaj5g3QMG/tgv5aYDcXM+2m7iGA/dz2pI4PEK aPuA2BPid5ZySAi2/hhv =ugAt END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-09-15 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20151021-asa-dns1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-09-16 13:24:48 |
|
2015-10-27 05:24:41 |
|
2015-10-21 21:22:16 |
|