CVE-2019-12677 — Encoding Error in Cisco Adaptive Security Appliance Software

CWE-172 — Encoding Error CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 33.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 2

Latest updateMay 24

Description

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker wou…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/adaptive_security_appliance_software9.3 — 9.3.3.9+5

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwareunspecified — n/a

🔴Vulnerability Details

GHSA

GHSA-wvvv-6xf9-8f8r: A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability↗2019-10-02

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability↗2019-10-02

▶