CVE-2009-1157

Published Apr 9, 2009

Last updated 16 years ago

Overview

Description: Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet.
Source: ykramarz@cisco.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Evaluator

Comment: -
Impact: Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml Crafted TCP Packet DoS Vulnerability Cisco ASA and Cisco PIX security appliances may experience a memory leak that can be triggered by a series of crafted TCP packets. Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features: * SSL VPNs * ASDM Administrative Access * Telnet Access * SSH Access * Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs * Virtual Telnet * Virtual HTTP * Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection * Cut-Through Proxy for Network Access * TCP Intercept
Solution: Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml Crafted TCP Packet DoS Vulnerability Cisco ASA and Cisco PIX security appliances may experience a memory leak that can be triggered by a series of crafted TCP packets. Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features: * SSL VPNs * ASDM Administrative Access * Telnet Access * SSH Access * Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs * Virtual Telnet * Virtual HTTP * Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection * Cut-Through Proxy for Network Access * TCP Intercept

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "235C2CE5-C858-4037-AE35-E6D506301894"
          },
          {
            "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76EAF7E0-6C0A-4B62-8776-CDE7CEB4565A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41"
          },
          {
            "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610"
          },
          {
            "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6"
          },
          {
            "criteria": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "508DECFB-F334-409F-911B-BF8D842D3556"
          },
          {
            "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209"
          },
          {
            "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154"
          },
          {
            "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Evaluator

Configurations

References