Executive Summary

Title Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability
Name cisco-sa-20170125-cas First vendor Publication 2017-01-25
Vendor Cisco Last vendor Modification 2017-01-25
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition.

Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas


iQIVAwUBWIeDV689gD3EAJB5AQJ5Zg//a3dCro6pWqKHfveTah65APzs2XpMIMIk 3D7dKxnm1d6g0TKOI+lGcqDlgTnApDGJNAtAxhYqFN+w/RofPHTY5FzRZHzoikYc d3rWZkPmLPld/WjdTq+yHH0yFC/fyjYE9jFRD96uV3AyCWJZbX3931mAotJp4YKL McteDcw1tzZkoR5uOmbks6pzBbS70ZxYZ6o2fz9MhdIbBK9OfMp61sfIRGF/L8n9 Jbyc+Boqru29lTjwmWmeMq39G+gAm6QQxTKA0yiIq43RrHrDc+jGCW3jXQ58ptYn geG5xQngqWSI/0/2q4R5GHmVXbprrWu4jvdYcM8z9FRi03wYkivMbLjAP0k41oX3 OQOIsR0frAxtAhmjQ62njOMbmWPVwyCxr+NKacQl0VfyXubiyGWVsM+APu3Kxowo hlCKHnV+J1/8I9yx8rqUe8kqdoNM9edMUUC9M2DP5oscG76kP9sIfu8ZujHxwmsd ehp64NTrYfWLDLvlhCvkSli/74wfC7fjou/lLatqZd2l9Q17wBhhd0/Sq8DMNw6U 1NZgT/WKDq35nOPwmVYm1JyClhMx0bmbxCGwRICDTjW+kWZKQV16Bm4lOeHFKoPq LtS5DI8l4oJHa91g25BIkEP3A5GH57k6drPi1UaCaXPO2Vk2/ea04roPpJSY/g5Y 4PRK9X5DKrU= =780F END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

Os 24

Alert History

If you want to see full details history, please login or register.
Date Informations
2017-02-27 21:27:53
  • Multiple Updates
2017-01-25 21:21:01
  • First insertion