CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS

Metric | Value |
---|---|
Percentile | 44.4% |

The Cisco ASA 5500 Series Adaptive Security Appliance contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to the improper handling of user-supplied requests by an affected system when configured to use the clientless WebVPN feature. An authenticated, remote attacker can exploit this vulnerability by submitting requests while the clientless WebVPN feature is enabled, causing excessive memory consumption. If successful, an attacker could cause a blank response page, resulting in a DoS condition.
Cisco has confirmed this vulnerability and released software updates.
To successfully exploit this vulnerability, the WebVPN feature must be enabled on the device. In addition, an attacker must be able to authenticate to a targeted device. To achieve this objective, the attacker may need access to trusted, internal networks. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | adaptive_security_appliance_software | 8.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.2.0.45 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.2.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.2.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.2.2.10 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.2.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.2.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.2.1.11 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.11:*:*:*:*:*:*:* |