Denial of Service Vulnerability in Cisco ASA 5500 Devices
CVE-2016-1312

7.5HIGH

Key Information:

Vendor
Cisco
Status
Asa 5500 Csc-ssm Firmware
Vendor
CVE Published:
9 March 2016

Summary

The HTTPS inspection engine in Cisco's Content Security and Control Security Services Module (CSC-SSM) prior to version 6.6.1164.0 for ASA 5500 devices is vulnerable to a denial of service attack. Remote attackers can exploit this flaw by flooding the device with multiple HTTPS packets, which can lead to excessive memory consumption or even cause the device to reload, disrupting normal operations and affecting overall network security.

References

http://www.securityfocus.com/bid/84281
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1035230
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.