Lucene search
CiscoCISCO-SA-20160517-ASA-XMLHistoryMay 17, 2016 - 12:00 a.m.
Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability
2016-05-1700:00:00
tools.cisco.com
10
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
43.8%
A vulnerability in XML parser code of Cisco Adaptive Security Appliance Software could allow an authenticated, remote attacker to cause system instability or a reload of the affected system.
The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml”]
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch8.4
ORciscoadaptive_security_appliance_softwareMatch8.5
ORciscoadaptive_security_appliance_softwareMatch8.6
ORciscoadaptive_security_appliance_softwareMatch8.7
ORciscoadaptive_security_appliance_softwareMatch9.0
ORciscoadaptive_security_appliance_softwareMatch9.1
ORciscoadaptive_security_appliance_softwareMatch9.2
ORciscoadaptive_security_appliance_softwareMatch9.3
ORciscoadaptive_security_appliance_softwareMatch9.4
ORciscoadaptive_security_appliance_softwareMatch9.5
ORciscoadaptive_security_appliance_softwareMatch8.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.2
ORciscoadaptive_security_appliance_softwareMatch8.4.1.3
ORciscoadaptive_security_appliance_softwareMatch8.4.1.11
ORciscoadaptive_security_appliance_softwareMatch8.4.2.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.3.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3.9
ORciscoadaptive_security_appliance_softwareMatch8.4.4
ORciscoadaptive_security_appliance_softwareMatch8.4.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.4.9
ORciscoadaptive_security_appliance_softwareMatch8.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.5.6
ORciscoadaptive_security_appliance_softwareMatch8.4.6
ORciscoadaptive_security_appliance_softwareMatch8.4.2.1
ORciscoadaptive_security_appliance_softwareMatch8.4.7
ORciscoadaptive_security_appliance_softwareMatch8.4.7.3
ORciscoadaptive_security_appliance_softwareMatch8.4.7.15
ORciscoadaptive_security_appliance_softwareMatch8.4.7.22
ORciscoadaptive_security_appliance_softwareMatch8.4.7.23
ORciscoadaptive_security_appliance_softwareMatch8.4.7.26
ORciscoadaptive_security_appliance_softwareMatch8.4.7.28
ORciscoadaptive_security_appliance_softwareMatch8.4.7.29
ORciscoadaptive_security_appliance_softwareMatch8.5.1
ORciscoadaptive_security_appliance_softwareMatch8.5.1.1
ORciscoadaptive_security_appliance_softwareMatch8.5.1.6
ORciscoadaptive_security_appliance_softwareMatch8.5.1.7
ORciscoadaptive_security_appliance_softwareMatch8.5.1.14
ORciscoadaptive_security_appliance_softwareMatch8.5.1.17
ORciscoadaptive_security_appliance_softwareMatch8.5.1.18
ORciscoadaptive_security_appliance_softwareMatch8.5.1.19
ORciscoadaptive_security_appliance_softwareMatch8.5.1.21
ORciscoadaptive_security_appliance_softwareMatch8.5.1.24
ORciscoadaptive_security_appliance_softwareMatch8.6.1.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1.2
ORciscoadaptive_security_appliance_softwareMatch8.6.1.5
ORciscoadaptive_security_appliance_softwareMatch8.6.1.10
ORciscoadaptive_security_appliance_softwareMatch8.6.1.12
ORciscoadaptive_security_appliance_softwareMatch8.6.1.13
ORciscoadaptive_security_appliance_softwareMatch8.6.1.14
ORciscoadaptive_security_appliance_softwareMatch8.6.1.17
ORciscoadaptive_security_appliance_softwareMatch8.7.1
ORciscoadaptive_security_appliance_softwareMatch8.7.1.1
ORciscoadaptive_security_appliance_softwareMatch8.7.1.3
ORciscoadaptive_security_appliance_softwareMatch8.7.1.4
ORciscoadaptive_security_appliance_softwareMatch8.7.1.7
ORciscoadaptive_security_appliance_softwareMatch8.7.1.8
ORciscoadaptive_security_appliance_softwareMatch8.7.1.11
ORciscoadaptive_security_appliance_softwareMatch8.7.1.13
ORciscoadaptive_security_appliance_softwareMatch8.7.1.16
ORciscoadaptive_security_appliance_softwareMatch8.7.1.17
ORciscoadaptive_security_appliance_softwareMatch9.0.1
ORciscoadaptive_security_appliance_softwareMatch9.0.2
ORciscoadaptive_security_appliance_softwareMatch9.0.2.10
ORciscoadaptive_security_appliance_softwareMatch9.0.3
ORciscoadaptive_security_appliance_softwareMatch9.0.3.6
ORciscoadaptive_security_appliance_softwareMatch9.0.3.8
ORciscoadaptive_security_appliance_softwareMatch9.0.4
ORciscoadaptive_security_appliance_softwareMatch9.0.4.1
ORciscoadaptive_security_appliance_softwareMatch9.0.4.5
ORciscoadaptive_security_appliance_softwareMatch9.0.4.17
ORciscoadaptive_security_appliance_softwareMatch9.0.4.20
ORciscoadaptive_security_appliance_softwareMatch9.0.4.24
ORciscoadaptive_security_appliance_softwareMatch9.0.4.7
ORciscoadaptive_security_appliance_softwareMatch9.0.4.26
ORciscoadaptive_security_appliance_softwareMatch9.0.4.29
ORciscoadaptive_security_appliance_softwareMatch9.0.4.33
ORciscoadaptive_security_appliance_softwareMatch9.0.4.37
ORciscoadaptive_security_appliance_softwareMatch9.0.4.35
ORciscoadaptive_security_appliance_softwareMatch9.1.1
ORciscoadaptive_security_appliance_softwareMatch9.1.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.2
ORciscoadaptive_security_appliance_softwareMatch9.1.3
ORciscoadaptive_security_appliance_softwareMatch9.1.2.8
ORciscoadaptive_security_appliance_softwareMatch9.1.3.2
ORciscoadaptive_security_appliance_softwareMatch9.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.4.5
ORciscoadaptive_security_appliance_softwareMatch9.1.5
ORciscoadaptive_security_appliance_softwareMatch9.1.5.10
ORciscoadaptive_security_appliance_softwareMatch9.1.5.12
ORciscoadaptive_security_appliance_softwareMatch9.1.5.15
ORciscoadaptive_security_appliance_softwareMatch9.1.6
ORciscoadaptive_security_appliance_softwareMatch9.1.5.21
ORciscoadaptive_security_appliance_softwareMatch9.1.6.1
ORciscoadaptive_security_appliance_softwareMatch9.1.6.6
ORciscoadaptive_security_appliance_softwareMatch9.1.6.4
ORciscoadaptive_security_appliance_softwareMatch9.1.6.8
ORciscoadaptive_security_appliance_softwareMatch9.1.6.10
ORciscoadaptive_security_appliance_softwareMatch9.2.1
ORciscoadaptive_security_appliance_softwareMatch9.2.2
ORciscoadaptive_security_appliance_softwareMatch9.2.2.4
ORciscoadaptive_security_appliance_softwareMatch9.2.2.7
ORciscoadaptive_security_appliance_softwareMatch9.2.3
ORciscoadaptive_security_appliance_softwareMatch9.2.2.8
ORciscoadaptive_security_appliance_softwareMatch9.2.3.3
ORciscoadaptive_security_appliance_softwareMatch9.2.3.4
ORciscoadaptive_security_appliance_softwareMatch9.2.0.0
ORciscoadaptive_security_appliance_softwareMatch9.2.0.104
ORciscoadaptive_security_appliance_softwareMatch9.2.3.1
ORciscoadaptive_security_appliance_softwareMatch9.2.4
ORciscoadaptive_security_appliance_softwareMatch9.2.4.2
ORciscoadaptive_security_appliance_softwareMatch9.2.4.4
ORciscoadaptive_security_appliance_softwareMatch9.3.1
ORciscoadaptive_security_appliance_softwareMatch9.3.1.1
ORciscoadaptive_security_appliance_softwareMatch9.3.2
ORciscoadaptive_security_appliance_softwareMatch9.3.2.2
ORciscoadaptive_security_appliance_softwareMatch9.3.3
ORciscoadaptive_security_appliance_softwareMatch9.3.5
ORciscoadaptive_security_appliance_softwareMatch9.3.3.1
ORciscoadaptive_security_appliance_softwareMatch9.3.3.2
ORciscoadaptive_security_appliance_softwareMatch9.3.3.5
ORciscoadaptive_security_appliance_softwareMatch9.3.3.6
ORciscoadaptive_security_appliance_softwareMatch9.4.1
ORciscoadaptive_security_appliance_softwareMatch9.4.0.115
ORciscoadaptive_security_appliance_softwareMatch9.4.1.1
ORciscoadaptive_security_appliance_softwareMatch9.4.2
ORciscoadaptive_security_appliance_softwareMatch9.4.1.5
ORciscoadaptive_security_appliance_softwareMatch9.4.1.3
ORciscoadaptive_security_appliance_softwareMatch9.4.1.2
ORciscoadaptive_security_appliance_softwareMatch9.4.2.3
ORciscoadaptive_security_appliance_softwareMatch9.5.1
ORciscoadaptive_security_appliance_softwareMatch9.5.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 8.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.5 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.6 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.7 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.5 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2016-1385
2016-05-26 15:00:00
nvd
nvd
CVE-2016-1385
2016-05-26 15:59:01
prion
prion
Code injection
2016-05-26 15:59:00
nessus
nessus
Cisco Adaptive Security Appliance XML Parser DoS (cisco-sa-20160517-asa-xml)
2016-07-05 00:00:00
cve
cve
CVE-2016-1385
2016-05-26 15:59:01
openvas
openvas
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
43.8%
Related for CISCO-SA-20160517-ASA-XML