CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
Percentile
48.6%
A vulnerability in the DHCPv6 relay feature of Cisco
Adaptive Security Appliance (ASA) software could allow an
unauthenticated, remote attacker to cause an affected
device to reload.
The vulnerability is due to insufficient validation of DHCPv6
packets. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. An attacker could exploit this
vulnerability by sending crafted DHCPv6 packets to an
affected device.
Note: Only DHCPv6 packets directed to the Cisco ASA
interface where the DHCPv6 relay is enabled can be used to trigger this
vulnerability. This vulnerability affects
systems configured in routed or transparent firewall mode and in single
or multiple
context mode. This vulnerability can be triggered only by IPv6 traffic.
This vulnerability is documented in Cisco bug IDs CSCus56252[“https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus56252”] (registered[“https://sec.cloudapps.cisco.comRPF/register/register.do”] customers only) and CSCus57142[“https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus57142”] (registered[“https://sec.cloudapps.cisco.comRPF/register/register.do”] customers only) and have been assigned CVE ID
CVE-2015-6324.
Cisco has released software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available. This
advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | adaptive_security_appliance_software | 9.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.0.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.0.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.0.2.10 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.0.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:* |
cisco | adaptive_security_appliance_software | 9.0.3.6 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:* |