CiscoCISCO-SA-20130617-CVE-2013-1203Cisco ASA-CX TCP Traffic Denial of Service Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
EPSS
Percentile
50.5%
A vulnerability processing TCP traffic on Cisco ASA CX could allow an unauthenticated, remote attacker to cause a reload of the affected device.
The vulnerability is due to invalid parsing of TCP packet data forwarded to Cisco ASA CX by the Cisco ASA. An attacker could exploit this vulnerability by sending specific TCP traffic to the Cisco ASA CX to be processed.
Cisco has confirmed the vulnerability in a security notice and has released software updates.
To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | asa_cx_context-aware_security_software | any | cpe:2.3:a:cisco:asa_cx_context-aware_security_software:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
EPSS
Percentile
50.5%