Executive Summary



This alert is flagged as a Top 25 Common Weakness Enumeration entry from CWE/SANS.
Summary
Title: Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability
Information
Name: cisco-sa-20180418-asa3
First vendor publication: 2018-04-18
Vendor: Cisco
Last vendor modification: 2018-04-18
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Subscore: NA
Temporal Score: NA
Exploitability Subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Base Score: 7.8
Attack Range: Network
CVSS Impact Score: 6.9
Attack Complexity: Low
CVSS Exploit Score: 10
Authentication: None Required

Detail

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Sockets Layer (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 29
OS 1

Nessus® Vulnerability Scanner

Date Description
2018-04-27 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20180418-asa1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2018-05-23 21:21:31
  • Multiple Updates
2018-04-20 00:21:17
  • Multiple Updates
2018-04-18 21:18:33
  • First insertion