CVE-2016-1385 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Adaptive Security Appliance Software

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-3994 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 36.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedMay 26

Latest updateMay 17

Description

The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software130 versions+129

🔴Vulnerability Details

GHSA

GHSA-r338-6h6j-v7p9: The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9↗2022-05-17

▶

CVEList

CVE-2016-1385: The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9↗2016-05-26

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability↗2016-05-17

▶