VAR-201310-0202
Vulnerability from variot - Updated: 2023-12-18 12:09Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737. Cisco Adaptive Security Appliance (ASA) is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to exhaust the available memory and cause the affected system to become unresponsive resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtt36737. A denial of service vulnerability exists in Cisco ASA software 8.4.x versions prior to 8.4(3) and 8.6.x versions prior to 8.6(1.3). memory block
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.4\\(1.11\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.6\\(1\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.4\\(2.11\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.6\\(1.10\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.4\\(1\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.4\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.4(3)"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.6(1.3)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4.28"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4.13"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6.1.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6.1.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4.1.11"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6(1.3)"
},
{
"model": "adaptive security appliance software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4(3)"
}
],
"sources": [
{
"db": "BID",
"id": "62915"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(1.11\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(2.11\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6\\(1.10\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3415"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "62915"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3415",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-3415",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-63417",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3415",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-225",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63417",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-3415",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63417"
},
{
"db": "VULMON",
"id": "CVE-2013-3415"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine\u0027s IP address, aka Bug ID CSCtt36737. Cisco Adaptive Security Appliance (ASA) is prone to a remote denial-of-service vulnerability. \nSuccessful exploits may allow an attacker to exhaust the available memory and cause the affected system to become unresponsive resulting in denial-of-service conditions. \nThis issue is being tracked by Cisco Bug ID CSCtt36737. A denial of service vulnerability exists in Cisco ASA software 8.4.x versions prior to 8.4(3) and 8.6.x versions prior to 8.6(1.3). memory block",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"db": "BID",
"id": "62915"
},
{
"db": "VULHUB",
"id": "VHN-63417"
},
{
"db": "VULMON",
"id": "CVE-2013-3415"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3415",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-225",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20131009 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE",
"trust": 0.6
},
{
"db": "BID",
"id": "62915",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-63417",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-3415",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63417"
},
{
"db": "VULMON",
"id": "CVE-2013-3415"
},
{
"db": "BID",
"id": "62915"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
]
},
"id": "VAR-201310-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63417"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:09:00.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20131009-asa",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa"
},
{
"title": "AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3415"
},
{
"title": "31106",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31106"
},
{
"title": "cisco-sa-20131009-asa",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/111/1119/1119989_cisco-sa-20131009-asa-j.html"
},
{
"title": "Cisco: Multiple Vulnerabilities in Cisco ASA Software",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20131009-asa"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-3415"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63417"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"db": "NVD",
"id": "CVE-2013-3415"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa"
},
{
"trust": 1.2,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3415"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3415"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3415"
},
{
"trust": 0.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31106"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63417"
},
{
"db": "VULMON",
"id": "CVE-2013-3415"
},
{
"db": "BID",
"id": "62915"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63417"
},
{
"db": "VULMON",
"id": "CVE-2013-3415"
},
{
"db": "BID",
"id": "62915"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-63417"
},
{
"date": "2013-10-13T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3415"
},
{
"date": "2013-10-09T00:00:00",
"db": "BID",
"id": "62915"
},
{
"date": "2013-10-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"date": "2013-10-13T10:20:03.740000",
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"date": "2013-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-63417"
},
{
"date": "2016-11-01T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3415"
},
{
"date": "2013-10-09T00:00:00",
"db": "BID",
"id": "62915"
},
{
"date": "2014-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004640"
},
{
"date": "2023-08-15T14:41:35.310000",
"db": "NVD",
"id": "CVE-2013-3415"
},
{
"date": "2013-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004640"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-225"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…