Lucene search

CiscoCISCO-SA-20150206-CVE-2013-5557

HistoryFeb 06, 2015 - 9:54 p.m.

Cisco Adaptive Security Appliance WebVPN Content Rewriter Denial of Service Vulnerability

2015-02-0621:54:06

tools.cisco.com

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

EPSS

0.002

Percentile

54.8%

JSON

A vulnerability in the WebVPN functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, remote attacker to cause an affected device to crash.

The vulnerability is due to a fault in the Proxy Bypass Content Rewriter implementation. An attacker could exploit this vulnerability by performing an HTTP request that triggers content rewriting. Depending on the configuration, a successful exploit could allow the attacker to cause the appliance to crash or trigger an error recovery event.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement reduces the likelihood of a successful exploit.

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch9.0

ciscoadaptive_security_appliance_softwareMatch9.1

ciscoadaptive_security_appliance_softwareMatch9.0.1

ciscoadaptive_security_appliance_softwareMatch9.0.2

ciscoadaptive_security_appliance_softwareMatch9.0.3

ciscoadaptive_security_appliance_softwareMatch9.0.3.6

ciscoadaptive_security_appliance_softwareMatch9.0.3.8

ciscoadaptive_security_appliance_softwareMatch9.0.4

ciscoadaptive_security_appliance_softwareMatch9.0.4.1

ciscoadaptive_security_appliance_softwareMatch9.0.4.5

ciscoadaptive_security_appliance_softwareMatch9.0.4.17

ciscoadaptive_security_appliance_softwareMatch9.0.4.20

ciscoadaptive_security_appliance_softwareMatch9.0.4.24

ciscoadaptive_security_appliance_softwareMatch9.0.4.7

ciscoadaptive_security_appliance_softwareMatch9.1.1

ciscoadaptive_security_appliance_softwareMatch9.1.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.2

VendorProductVersionCPE
ciscoadaptive_security_appliance_software9.0cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.2cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3.6cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3.8cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.4cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.4.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.4.5cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	9.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:::::::*
cisco	adaptive_security_appliance_software	9.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:::::::*
cisco	adaptive_security_appliance_software	9.0.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:::::::*
cisco	adaptive_security_appliance_software	9.0.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:::::::*
cisco	adaptive_security_appliance_software	9.0.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:::::::*
cisco	adaptive_security_appliance_software	9.0.3.6	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:::::::*
cisco	adaptive_security_appliance_software	9.0.3.8	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:::::::*
cisco	adaptive_security_appliance_software	9.0.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:::::::*
cisco	adaptive_security_appliance_software	9.0.4.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:::::::*
cisco	adaptive_security_appliance_software	9.0.4.5	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:::::::*

Rows per page:

1-10 of 171

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150206-CVE-2013-5557

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

EPSS

0.002

Percentile

54.8%

JSON

Related for CISCO-SA-20150206-CVE-2013-5557