CVE-2017-12246: Improper Input Validation in Cisco Adaptive Security Appliance Software

Severity: 8.6 HIGH (NVD)
EPSS: 3.3% (top 12.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 5; Latest update May 13

Description

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

NVD: cisco/adaptive_security_appliance_software 9.4(3), 9.7(1), 9.8(0.56) +2
CVEListV5: cisco/cisco_adaptive_security_appliance_software (Cisco Adaptive Security Appliance Software)

🔴 Vulnerability Details (2)

GHSA: GHSA-jx9p-773v-m536: A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthen (2022-05-13)
CVEList: CVE-2017-12246: A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthen (2017-10-05)

📋 Vendor Advisories (1)

Cisco: Cisco Adaptive Security Appliance Software Direct Authentication Denial of Service Vulnerability (2017-10-04)