Input Validation Vulnerability in Cisco Adaptive Security Appliances
CVE-2012-6395

Currently unrated

Key Information:

Vendor: Cisco
Status: Adaptive Security Appliance Software; Adaptive Security Appliance; Asa 1000v Cloud Firewall; Asa 5500
Vendor: CVE Published:; 18 January 2013

Summary

Cisco Adaptive Security Appliances (ASA) with firmware version 8.4 are susceptible to a vulnerability that arises from inadequate validation of input related to UNC share pathnames. This flaw can be exploited by remote authenticated users, enabling them to compromise the device's functionality and potentially trigger a denial of service, which results in a device crash. Administrators should ensure their firmware is updated to the latest version to mitigate the risk associated with this vulnerability.

References

http://secunia.com/advisories/51955

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1028009

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jan 18, 2013
Vulnerability Reserved
Dec 16, 2012