Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20120809-CVE-2012-2474
HistoryAug 09, 2012 - 8:04 p.m.

Cisco ASA 5500 Series Adaptive Security Appliance Clientless WebVPN Remote Denial of Service Vulnerability

2012-08-0920:04:34
tools.cisco.com
12

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS

0.001

Percentile

44.4%

JSON

The Cisco ASA 5500 Series Adaptive Security Appliance contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to the improper handling of user-supplied requests by an affected system when configured to use the clientless WebVPN feature. An authenticated, remote attacker can exploit this vulnerability by submitting requests while the clientless WebVPN feature is enabled, causing excessive memory consumption. If successful, an attacker could cause a blank response page, resulting in a DoS condition.

Cisco has confirmed this vulnerability and released software updates.

To successfully exploit this vulnerability, the WebVPN feature must be enabled on the device. In addition, an attacker must be able to authenticate to a targeted device. To achieve this objective, the attacker may need access to trusted, internal networks. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners
Node
ciscoadaptive_security_appliance_softwareMatch8.2
OR
ciscoadaptive_security_appliance_softwareMatch8.3
OR
ciscoadaptive_security_appliance_softwareMatch8.4
OR
ciscoadaptive_security_appliance_softwareMatch8.2.0.45
OR
ciscoadaptive_security_appliance_softwareMatch8.2.1
OR
ciscoadaptive_security_appliance_softwareMatch8.2.2
OR
ciscoadaptive_security_appliance_softwareMatch8.2.2.10
OR
ciscoadaptive_security_appliance_softwareMatch8.2.3
OR
ciscoadaptive_security_appliance_softwareMatch8.2.4
OR
ciscoadaptive_security_appliance_softwareMatch8.2.1.11
OR
ciscoadaptive_security_appliance_softwareMatch8.2.2.9
OR
ciscoadaptive_security_appliance_softwareMatch8.2.2.12
OR
ciscoadaptive_security_appliance_softwareMatch8.2.2.16
OR
ciscoadaptive_security_appliance_softwareMatch8.2.4.1
OR
ciscoadaptive_security_appliance_softwareMatch8.2.4.4
OR
ciscoadaptive_security_appliance_softwareMatch8.2.5
OR
ciscoadaptive_security_appliance_softwareMatch8.2.5.13
OR
ciscoadaptive_security_appliance_softwareMatch8.2.5.22
OR
ciscoadaptive_security_appliance_softwareMatch8.2.5.26
OR
ciscoadaptive_security_appliance_softwareMatch8.2.2.17
OR
ciscoadaptive_security_appliance_softwareMatch8.3.1.1
OR
ciscoadaptive_security_appliance_softwareMatch8.3.1
OR
ciscoadaptive_security_appliance_softwareMatch8.3.2
OR
ciscoadaptive_security_appliance_softwareMatch8.3.2.23
OR
ciscoadaptive_security_appliance_softwareMatch8.3.2.25
OR
ciscoadaptive_security_appliance_softwareMatch8.3.1.4
OR
ciscoadaptive_security_appliance_softwareMatch8.3.1.6
OR
ciscoadaptive_security_appliance_softwareMatch8.3.2.4
OR
ciscoadaptive_security_appliance_softwareMatch8.3.2.13
OR
ciscoadaptive_security_appliance_softwareMatch8.3.2.31
OR
ciscoadaptive_security_appliance_softwareMatch8.3.2.33
OR
ciscoadaptive_security_appliance_softwareMatch8.4.1
OR
ciscoadaptive_security_appliance_softwareMatch8.4.2
OR
ciscoadaptive_security_appliance_softwareMatch8.4.1.3
OR
ciscoadaptive_security_appliance_softwareMatch8.4.1.11
OR
ciscoadaptive_security_appliance_softwareMatch8.4.2.8
OR
ciscoadaptive_security_appliance_softwareMatch8.4.3
OR
ciscoadaptive_security_appliance_softwareMatch8.4.3.8
OR
ciscoadaptive_security_appliance_softwareMatch8.4.3.9
OR
ciscoadaptive_security_appliance_softwareMatch8.4.4
VendorProductVersionCPE
ciscoadaptive_security_appliance_software8.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.0.45cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.2.10cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.1.11cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.11:*:*:*:*:*:*:*
Rows per page:
1-10 of 401

Related

prion 1
cvelist 1
nvd 1
nessus 1
cve 1
prion
prion
Memory corruption
2012-08-06 17:55:00
cvelist
cvelist
CVE-2012-2474
2012-08-06 17:00:00
nvd
nvd
CVE-2012-2474
2012-08-06 17:55:01
nessus
nessus
Cisco ASA WebVPN Memory Leak DoS
2012-08-13 00:00:00
cve
cve
CVE-2012-2474
2012-08-06 17:55:01

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS

0.001

Percentile

44.4%

JSON
Related for CISCO-SA-20120809-CVE-2012-2474
prion1cvelist1nvd1nessus1cve1