CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
69.3%
Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to fill the connection table in the ASA preventing new connections to be established through the device.
The vulnerability is due to the ASA not honoring the idle timeout for some protocol inspected connections. An attacker could exploit this vulnerability by sending several crafted requests for one or more protocols configured for inspection on the ASA. A successful exploit could allow the attacker to force the ASA to stop accepting new connections, resulting in a denial of service (DoS) condition.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to an affected device. This access requirement could limit the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | adaptive_security_appliance_software | 8.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.5 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.5.6 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5.6:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.6 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.6:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.1.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.1.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2:*:*:*:*:*:*:* |