CVE-2015-0677 — Improper Input Validation in Cisco Adaptive Security Appliance Software

Severity: 7.8 HIGH (NVD)
EPSS: 1.1% (top 22.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 13; latest update May 17

Description

The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages: 1 package

Vulnerability Details (2)

GHSA
GHSA-c4fw-9cmg-96mf: The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8 (2022-05-17)
CVEList
CVE-2015-0677: The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8 (2015-04-13)

Vendor Advisories (1)

Cisco
Multiple Vulnerabilities in Cisco ASA Software (2015-04-08)