CVE-2014-2129Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20Improper Input Validation4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 39.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedApr 10
Latest updateMay 17

Description

The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w9h6-gh9q-r8qm: The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 82022-05-17
CVEList
CVE-2014-2129: The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 82014-04-10

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco ASA Software2014-04-09
CVE-2014-2129 — Improper Input Validation in Cisco | cvebase