Details of VAR-201504-0293

ID

VAR-201504-0293

CVE

CVE-2015-0678

TITLE

Cisco ASA FirePOWER Software and ASA Context-Aware Service disruption in the software virtualization layer (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002211

DESCRIPTION

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954. Successful exploits may allow attackers to cause the reload of the affected system, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCus11007 and CSCun56954

Trust: 1.98

sources: NVD: CVE-2015-0678 // JVNDB: JVNDB-2015-002211 // BID: 73968 // VULHUB: VHN-78624

AFFECTED PRODUCTS

vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.3.2-1	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.3.1-1	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.2.1-4	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.2.1-3	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.2.1-2	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.2.1-1	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.1.3-8	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.1.3-13	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.1.3-10	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.1.2-42	Trust: 1.9
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.0.2	Trust: 1.3
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.0.1	Trust: 1.3
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.1.2-29	Trust: 1.3
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.0.2-68	Trust: 1.3
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.0.1-40	Trust: 1.3
vendor:	cisco	model:	asa with firepower services	scope:	eq	version:	5.3.1.1	Trust: 1.0
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.3\(1.1.112\)	Trust: 1.0
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.3_base	Trust: 1.0
vendor:	cisco	model:	asa with firepower services	scope:	eq	version:	5.4.0	Trust: 1.0
vendor:	cisco	model:	asa with firepower services	scope:	eq	version:	5.3.1	Trust: 1.0
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.0_base	Trust: 1.0
vendor:	cisco	model:	asa with firepower services	scope:	eq	version:	5.4.0.1	Trust: 0.8
vendor:	cisco	model:	asa with firepower services	scope:	lt	version:	5.4.x	Trust: 0.8
vendor:	cisco	model:	asa firepower services	scope:	eq	version:	5.4	Trust: 0.3
vendor:	cisco	model:	asa firepower services	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	cisco	model:	asa firepower services	scope:	eq	version:	5.3.1.1	Trust: 0.3
vendor:	cisco	model:	asa cx context-aware security software	scope:	eq	version:	9.3(1.1.112)	Trust: 0.3
vendor:	cisco	model:	asa firepower services	scope:	ne	version:	5.3.1.2	Trust: 0.3
vendor:	cisco	model:	asa cx context-aware security software	scope:	ne	version:	9.3.2.1-9	Trust: 0.3

sources: BID: 73968 // JVNDB: JVNDB-2015-002211 // CNNVD: CNNVD-201504-187 // NVD: CVE-2015-0678

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0678
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0678
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201504-187
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78624
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0678
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78624
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78624 // JVNDB: JVNDB-2015-002211 // CNNVD: CNNVD-201504-187 // NVD: CVE-2015-0678

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-78624 // JVNDB: JVNDB-2015-002211 // NVD: CVE-2015-0678

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-187

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201504-187

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002211

PATCH

title:	cisco-sa-20150408-cxfp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp	Trust: 0.8
title:	38186	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=38186	Trust: 0.8
title:	cisco-sa-20150408-cxfp	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128964_cisco-sa-20150408-cxfp-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002211

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0678	Trust: 2.8
db:	SECTRACK	id:	1032046	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002211	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-187	Trust: 0.7
db:	BID	id:	73968	Trust: 0.4
db:	VULHUB	id:	VHN-78624	Trust: 0.1

sources: VULHUB: VHN-78624 // BID: 73968 // JVNDB: JVNDB-2015-002211 // CNNVD: CNNVD-201504-187 // NVD: CVE-2015-0678

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150408-cxfp	Trust: 2.0
url:	http://www.securitytracker.com/id/1032046	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0678	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0678	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38186	Trust: 0.3

sources: VULHUB: VHN-78624 // BID: 73968 // JVNDB: JVNDB-2015-002211 // CNNVD: CNNVD-201504-187 // NVD: CVE-2015-0678

CREDITS

Cisco

Trust: 0.3

sources: BID: 73968

SOURCES

db:	VULHUB	id:	VHN-78624
db:	BID	id:	73968
db:	JVNDB	id:	JVNDB-2015-002211
db:	CNNVD	id:	CNNVD-201504-187
db:	NVD	id:	CVE-2015-0678

LAST UPDATE DATE

2024-11-23T22:18:24.609000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78624	date:	2015-10-01T00:00:00
db:	BID	id:	73968	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002211	date:	2015-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201504-187	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-0678	date:	2024-11-21T02:23:31.367

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78624	date:	2015-04-11T00:00:00
db:	BID	id:	73968	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002211	date:	2015-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201504-187	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-0678	date:	2015-04-11T01:59:00.087