CVE-2013-6682 β€” Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 β€” Improper Input ValidationCWE-2644 documents4 sources
Severity
6.4MEDIUMNVD
EPSS
0.2%
top 55.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedNov 13
Latest updateMay 17

Description

The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial of service (connection-database corruption) via an invalid entry, aka Bug ID CSCui33299.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-j62m-465v-c87q: The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9β†—2022-05-17
β–Ά
CVEList
CVE-2013-6682: The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9β†—2013-11-13
β–Ά

πŸ“‹Vendor Advisories

1
Cisco
Cisco Adaptive Security Appliance Phone Proxy Database Entry Manipulation Vulnerability↗2013-11-11
β–Ά
CVE-2013-6682 β€” Improper Input Validation in Cisco | cvebase