CVE-2016-6431 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 62.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 27

Latest updateMay 14

Description

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS pack…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software206 versions+205

🔴Vulnerability Details

GHSA

GHSA-xpcq-x3x2-r3vr: A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9↗2022-05-14

▶

CVEList

CVE-2016-6431: A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9↗2016-10-27

▶

📋Vendor Advisories

Cisco

Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability↗2016-10-19

▶