CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
EPSS
Percentile
61.1%
A vulnerability in the WebVPN Common Internet File System (CIFS) access function of Cisco Adaptive
Security Appliance (ASA) could allow an authenticated, remote attacker
to trigger a reload of the affected device.
The vulnerability is
due to missing bounds checks on the response received from the CIFS
server when enumerating available shares. An attacker could exploit this
vulnerability by attempting to attain the list of shares from CIFS
servers that offer a large number of shares. Controlling a
CIFS server may also aid the attacker. An exploit could allow the attacker to
trigger a reload of the Cisco ASA, resulting in a denial of service (DoS) condition.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must authenticate to a targeted device. This access requirement may reduce the possibility of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | adaptive_security_appliance_software | 8.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.1.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.1.11 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.2.8 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.3.8 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 8.4.3.9 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:* |