Lucene search
CiscoCISCO-SA-20141126-CVE-2014-3407HistoryNov 26, 2014 - 6:44 p.m.
Cisco ASA Software SSL VPN Memory Blocks Exhaustion Vulnerability
2014-11-2618:44:32
tools.cisco.com
23
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.002
Percentile
62.0%
A vulnerability in the SSL VPN feature of Cisco ASA Software could
allow an unauthenticated, remote attacker to cause the exhaustion of
available memory, which could lead to system instability and availability
issues on the SSL VPN services.
The vulnerability is due to improper implementation of memory block
allocation when processing crafted HTTP packets. An attacker could
exploit this vulnerability by sending a crafted HTTP packet to the
affected system. The vulnerability can be exploited if SSL VPN is enabled.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker may need to acquire additional information about the targeted device, such as whether SSL VPN is enabled on the device. This feature must be enabled for an attacker to achieve a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch8.4
ORciscoadaptive_security_appliance_softwareMatch8.6
ORciscoadaptive_security_appliance_softwareMatch9.0
ORciscoadaptive_security_appliance_softwareMatch9.1
ORciscoadaptive_security_appliance_softwareMatch9.2
ORciscoadaptive_security_appliance_softwareMatch9.3
ORciscoadaptive_security_appliance_softwareMatch8.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.2
ORciscoadaptive_security_appliance_softwareMatch8.4.1.3
ORciscoadaptive_security_appliance_softwareMatch8.4.1.11
ORciscoadaptive_security_appliance_softwareMatch8.4.2.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.3.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3.9
ORciscoadaptive_security_appliance_softwareMatch8.4.4
ORciscoadaptive_security_appliance_softwareMatch8.4.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.4.9
ORciscoadaptive_security_appliance_softwareMatch8.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.5.6
ORciscoadaptive_security_appliance_softwareMatch8.4.6
ORciscoadaptive_security_appliance_softwareMatch8.4.2.1
ORciscoadaptive_security_appliance_softwareMatch8.4.7
ORciscoadaptive_security_appliance_softwareMatch8.4.7.3
ORciscoadaptive_security_appliance_softwareMatch8.4.7.15
ORciscoadaptive_security_appliance_softwareMatch8.4.7.22
ORciscoadaptive_security_appliance_softwareMatch8.4.7.23
ORciscoadaptive_security_appliance_softwareMatch8.6.1.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1.2
ORciscoadaptive_security_appliance_softwareMatch8.6.1.5
ORciscoadaptive_security_appliance_softwareMatch8.6.1.10
ORciscoadaptive_security_appliance_softwareMatch8.6.1.12
ORciscoadaptive_security_appliance_softwareMatch8.6.1.13
ORciscoadaptive_security_appliance_softwareMatch8.6.1.14
ORciscoadaptive_security_appliance_softwareMatch9.0.1
ORciscoadaptive_security_appliance_softwareMatch9.0.2
ORciscoadaptive_security_appliance_softwareMatch9.0.2.10
ORciscoadaptive_security_appliance_softwareMatch9.0.3
ORciscoadaptive_security_appliance_softwareMatch9.0.3.6
ORciscoadaptive_security_appliance_softwareMatch9.0.3.8
ORciscoadaptive_security_appliance_softwareMatch9.0.4
ORciscoadaptive_security_appliance_softwareMatch9.0.4.1
ORciscoadaptive_security_appliance_softwareMatch9.0.4.5
ORciscoadaptive_security_appliance_softwareMatch9.0.4.17
ORciscoadaptive_security_appliance_softwareMatch9.0.4.20
ORciscoadaptive_security_appliance_softwareMatch9.0.4.24
ORciscoadaptive_security_appliance_softwareMatch9.0.4.7
ORciscoadaptive_security_appliance_softwareMatch9.1.1
ORciscoadaptive_security_appliance_softwareMatch9.1.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.2
ORciscoadaptive_security_appliance_softwareMatch9.1.3
ORciscoadaptive_security_appliance_softwareMatch9.1.2.8
ORciscoadaptive_security_appliance_softwareMatch9.1.3.2
ORciscoadaptive_security_appliance_softwareMatch9.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.4.5
ORciscoadaptive_security_appliance_softwareMatch9.1.5
ORciscoadaptive_security_appliance_softwareMatch9.1.5.10
ORciscoadaptive_security_appliance_softwareMatch9.1.5.12
ORciscoadaptive_security_appliance_softwareMatch9.2.1
ORciscoadaptive_security_appliance_softwareMatch9.2.2
ORciscoadaptive_security_appliance_softwareMatch9.2.2.4
ORciscoadaptive_security_appliance_softwareMatch9.2.2.7
ORciscoadaptive_security_appliance_softwareMatch9.2.3
ORciscoadaptive_security_appliance_softwareMatch9.3.1
ORciscoadaptive_security_appliance_softwareMatch9.3.1.1
ORciscoadaptive_security_appliance_softwareMatch9.3.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 8.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.6 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.4.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.4.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.4.1.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.4.1.11 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2014-3407
2014-11-28 02:59:00
cvelist
cvelist
CVE-2014-3407
2014-11-28 02:00:00
prion
prion
Design/Logic Flaw
2014-11-28 02:59:00
nessus
nessus
Cisco ASA SSL VPN Memory Blocks Exhaustion DoS (CSCuq68888)
2014-12-08 00:00:00
Fedora 20 : drupal7-7.32-1.fc20 (2014-13030)
2014-10-29 00:00:00
cve
cve
CVE-2014-3407
2014-11-28 02:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: drupal7-7.32-1.fc20
2014-10-28 06:48:09
openvas
openvas
Fedora Update for drupal7 FEDORA-2014-13030
2014-10-29 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.002
Percentile
62.0%
Related for CISCO-SA-20141126-CVE-2014-3407