Lucene search

CiscoCISCO-SA-20150115-CVE-2015-0578

HistoryJan 15, 2015 - 5:54 p.m.

Cisco Adaptive Security Appliance DHCPv6 Relay Denial of Service Vulnerability

2015-01-1517:54:09

tools.cisco.com

CVSS2

5.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:N/I:N/A:C

EPSS

0.006

Percentile

78.7%

JSON

A vulnerability in the DHCP relay function of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device.

The vulnerability is due to insufficient validation of crafted DHCP packets. Cisco ASA Software is affected by this vulnerability only when configured as a DHCP version 6 relay. An attacker could exploit this vulnerability by sending crafted DHCP version 6 packets through an affected device.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must be on the same broadcast or collision domain as a targeted device. This access requirement reduces the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch9.0.1

ciscoadaptive_security_appliance_softwareMatch9.0.2

ciscoadaptive_security_appliance_softwareMatch9.0.2.10

ciscoadaptive_security_appliance_softwareMatch9.0.3

ciscoadaptive_security_appliance_softwareMatch9.0.3.6

ciscoadaptive_security_appliance_softwareMatch9.0.3.8

ciscoadaptive_security_appliance_softwareMatch9.0.4

ciscoadaptive_security_appliance_softwareMatch9.0.4.1

ciscoadaptive_security_appliance_softwareMatch9.0.4.5

ciscoadaptive_security_appliance_softwareMatch9.0.4.7

ciscoadaptive_security_appliance_softwareMatch9.0.4.17

ciscoadaptive_security_appliance_softwareMatch9.0.4.20

ciscoadaptive_security_appliance_softwareMatch9.0.4.24

ciscoadaptive_security_appliance_softwareMatch9.1.1

ciscoadaptive_security_appliance_softwareMatch9.1.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.2

ciscoadaptive_security_appliance_softwareMatch9.1.2.8

ciscoadaptive_security_appliance_softwareMatch9.1.3

ciscoadaptive_security_appliance_softwareMatch9.1.3.2

ciscoadaptive_security_appliance_softwareMatch9.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.4.5

ciscoadaptive_security_appliance_softwareMatch9.1.5

ciscoadaptive_security_appliance_softwareMatch9.1.5.10

ciscoadaptive_security_appliance_softwareMatch9.1.5.12

ciscoadaptive_security_appliance_softwareMatch9.1.5.15

ciscoadaptive_security_appliance_softwareMatch9.2.1

ciscoadaptive_security_appliance_softwareMatch9.2.2

ciscoadaptive_security_appliance_softwareMatch9.2.2.4

ciscoadaptive_security_appliance_softwareMatch9.2.2.7

ciscoadaptive_security_appliance_softwareMatch9.2.2.8

ciscoadaptive_security_appliance_softwareMatch9.2.3

ciscoadaptive_security_appliance_softwareMatch9.3.1

ciscoadaptive_security_appliance_softwareMatch9.3.1.1

ciscoadaptive_security_appliance_softwareMatch9.3.2

VendorProductVersionCPE
ciscoadaptive_security_appliance_software9.0.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.2cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.2.10cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3.6cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.3.8cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.4cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.4.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.4.5cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0.4.7cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	9.0.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:::::::*
cisco	adaptive_security_appliance_software	9.0.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:::::::*
cisco	adaptive_security_appliance_software	9.0.2.10	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:::::::*
cisco	adaptive_security_appliance_software	9.0.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:::::::*
cisco	adaptive_security_appliance_software	9.0.3.6	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:::::::*
cisco	adaptive_security_appliance_software	9.0.3.8	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:::::::*
cisco	adaptive_security_appliance_software	9.0.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:::::::*
cisco	adaptive_security_appliance_software	9.0.4.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:::::::*
cisco	adaptive_security_appliance_software	9.0.4.5	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:::::::*
cisco	adaptive_security_appliance_software	9.0.4.7	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:::::::*