CVE-2007-0964

CWE-3994 documents4 sources

Severity

5.4MEDIUM

EPSS

0.8%

top 25.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firewall Services Module

Timeline

PublishedFeb 16

Latest updateMay 1

Description

Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.

CVSS vector

AV:N/AC:H/C:N/I:N/A:CExploitability: 4.9 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/firewall_services_module3.1

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-6w7g-rc9r-wg57: Cisco FWSM 3↗2022-05-01

▶

CVEList

CVE-2007-0964: Cisco FWSM 3↗2007-02-16

▶

📋Vendor Advisories

Cisco

Cisco Firewall Services Module HTTPS Request Denial of Service Vulnerability↗2007-02-14

▶