CVE-2013-6707 — Missing Release of Resource after Effective Lifetime in Cisco Adaptive Security Appliance Software

CWE-772 — Missing Release of Resource after Effective Lifetime CWE-3994 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 19.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedDec 7

Latest updateMay 17

Description

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software9.1\(3\)

🔴Vulnerability Details

GHSA

GHSA-wjrw-qp67-6h86: Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9↗2022-05-17

▶

CVEList

CVE-2013-6707: Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9↗2013-12-07

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Management Connections Denial of Service Vulnerability↗2013-12-06

▶