CVE-2013-3415

Published Oct 13, 2013

Last updated a year ago

Overview

Description: Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737.
Source: ykramarz@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A914DE5-2269-451A-823A-B26AE1A7F980"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69683734-528F-488A-8A90-8478FA27B97E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(1.11\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95EC2D6C-84BA-4A58-B4A0-6FF8613AF9C0"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "691166C2-1FBD-46EB-8AA5-FCE303444ACD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(2.11\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4956430E-BEC1-4788-B0D2-E50E36C70306"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BFCE154-6582-49E2-9B9D-641986B7D653"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "563181F6-6A37-496B-AE25-0D03214BA7BD"
          },
          {
            "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6\\(1.10\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CF663E3-9CA5-4E11-B58F-CAC012F2C397"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References