HomePentest-Tools.com Logo

Cisco ASA Management Interface XML Parser DoS Vulnerability (cisco-sa-20151123-asa) CVE-2015-6379

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

A vulnerability in the XML parser of the management interface of Cisco ASA may lead to a denial of service.

Risk description

The vulnerability is due to insufficient hardening of the XML parser code. Cisco ASA may process a crafted XML file if the file is passed through the management interface or when performing activities with the auto update server AUS. In all cases a valid authentication on the device or a valid AUS server would need to be used in order to provide an XML file. An authenticated, remote attacker could cause system instability and possibly crash an affected system.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 25, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available