CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
56.3%
The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database corruption) via an invalid entry, aka Bug ID CSCui33299.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | adaptive_security_appliance_software | * | cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(0) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(0\):*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(1) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(1\):*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(2) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(2\):*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(4) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(4\):*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(5) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5\):*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(5.2) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5.2\):*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(6) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6\):*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 7.0(6.7) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6.7\):*:*:*:*:*:*:* |