Design/Logic Flaw

2015-04-1301:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.

CPENameOperatorVersion
adaptive_security_appliance_softwareeq9.3.2
adaptive_security_appliance_softwareeq9.1.1.4
adaptive_security_appliance_softwareeq9.1.4
adaptive_security_appliance_softwareeq8.6.1.12
adaptive_security_appliance_softwareeq9.2.2.7
adaptive_security_appliance_softwareeq9.1.5.21
adaptive_security_appliance_softwareeq9.1.3
adaptive_security_appliance_softwareeq9.1.2
adaptive_security_appliance_softwareeq9.2.3
adaptive_security_appliance_softwareeq9.3.1.1

Name	Operator	Version
adaptive_security_appliance_software	eq	9.3.2
adaptive_security_appliance_software	eq	9.1.1.4
adaptive_security_appliance_software	eq	9.1.4
adaptive_security_appliance_software	eq	8.6.1.12
adaptive_security_appliance_software	eq	9.2.2.7
adaptive_security_appliance_software	eq	9.1.5.21
adaptive_security_appliance_software	eq	9.1.3
adaptive_security_appliance_software	eq	9.1.2
adaptive_security_appliance_software	eq	9.2.3
adaptive_security_appliance_software	eq	9.3.1.1