9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:P/A:C
0.083 Low
EPSS
Percentile
94.4%
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco
Catalyst 6500 Series ASA Services Module (ASASM) may be affected by the
following vulnerabilities:
DHCP Memory Allocation Denial of Service Vulnerability
SSL VPN Authentication Denial of Service Vulnerability
SIP Inspection Media Update Denial of Service Vulnerability
DCERPC Inspection Buffer Overflow Vulnerability
Two DCERPC Inspection Denial Of Service Vulnerabilities
These vulnerabilities are independent of each other; a release that is
affected by one of the vulnerabilities may not be affected by the
others.
Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the affected device. Exploitation of the DCERPC Inspection Buffer Overflow Vulnerability could additionally cause a stack overflow and possibly the execution of arbitrary commands.
Cisco has released software updates that address these vulnerabilities. Workarounds are available for some of these vulnerabilities. This advisory is available at the following link:
Note: The Cisco Firewall Services Module for Cisco Catalyst 6500 and Cisco 7600 Series (FWSM) may be affected by some of the vulnerabilities listed above.
A separate Cisco Security Advisory has been published to disclose the
vulnerabilities that affect the Cisco FWSM. This advisory is available
at:
The Cisco ASA 1000V Cloud Firewall and Cisco ASA-CX Context-Aware Security are not affected by any of these vulnerabilities.