CVE-2015-0678

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGH

EPSS

0.3%

top 51.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASA CX Context-aware Security Software Cisco ASA With Firepower Services

Timeline

PublishedApr 11

Latest updateMay 17

Description

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/asa_cx_context-aware_security_software18 versions+17

▶NVDcisco/asa_with_firepower_services5.3.1, 5.3.1.1, 5.4.0+2

🔴Vulnerability Details

GHSA

GHSA-5v87-2xc2-82hj: The virtualization layer in Cisco ASA FirePOWER Software before 5↗2022-05-17

▶

CVEList

CVE-2015-0678: The virtualization layer in Cisco ASA FirePOWER Software before 5↗2015-04-11

▶

📋Vendor Advisories

Cisco

Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability↗2015-04-08

▶