SB2016101916 - Denial of service in Cisco ASA
Published: October 19, 2016 Updated: April 5, 2018
Security Bulletin ID
SB2016101916
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Denial of service (CVE-ID: CVE-2016-6431)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulneability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient input validation. By sending a specially crafted enrollment request to the target system via HTTPS, attackers can trigger flaw in the Certificate Authority (CA) enrollment feature that leads to the system reload.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Remediation
Install update from vendor's website.