CVE-2013-5508

CWE-20 — Improper Input Validation CWE-264 CWE-3995 documents4 sources

Severity

7.1HIGH

EPSS

0.4%

top 36.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firewall Services Module Software

Timeline

PublishedOct 13

Latest updateMay 17

Description

The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate…

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/firewall_services_module_software61 versions+60

▶NVDcisco/adaptive_security_appliance_software104 versions+103

🔴Vulnerability Details

GHSA

GHSA-cg4p-8fph-9vf2: The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7↗2022-05-17

▶

CVEList

CVE-2013-5508: The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7↗2013-10-13

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco ASA Software↗2013-10-09

▶

Cisco

Multiple Vulnerabilities in Cisco Firewall Services Module Software↗2013-10-09

▶