Denial of service in Cisco Adaptive Security Appliance (ASA) - CVE-2016-6431
Published: October 19, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU1046
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6431
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Adaptive Security Appliance (ASA)
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause a DoS condition on the target system.
The weakness is due to insufficient input validation. By sending a specially crafted enrollment request to the target system via HTTPS, an attacker can trigger a flaw in the Certificate Authority (CA) enrollment feature that leads to a reload of the system.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
How to mitigate CVE-2016-6431
Update to version 9.0(4.42), 9.1(7.7), 9.2(4.13), 9.3(3.11), 9.4(3.6), 9.5(3) or 9.6(1.5).
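A version-triage helper, added here as an example and not part of the advisory: it parses ASA's major.minor(maintenance.interim) version format and compares a running version against the fixed release listed above for the same release train. The format handling and the rule of treating an absent interim number as 0 (so that 9.5(3) sorts below 9.5(3.1)) are assumptions; trains the advisory does not list return None rather than a verdict, since the page says nothing about them.

```python
import re
from typing import Optional, Tuple

# Fixed releases listed in the "How to mitigate" section above, keyed by
# ASA release train (major, minor). Versions below these are affected.
FIXED_BY_TRAIN = {
    (9, 0): "9.0(4.42)",
    (9, 1): "9.1(7.7)",
    (9, 2): "9.2(4.13)",
    (9, 3): "9.3(3.11)",
    (9, 4): "9.4(3.6)",
    (9, 5): "9.5(3)",
    (9, 6): "9.6(1.5)",
}

# Assumed ASA version syntax: major.minor(maintenance[.interim])
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)\s*$")


def parse_asa_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '9.4(3.6)' or '9.5(3)' into (major, minor, maintenance, interim).

    A missing interim number is treated as 0 (assumption), so that a
    comparison such as 9.5(3) < 9.5(3.1) behaves as expected.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not an ASA version string: {text!r}")
    major, minor, maint, interim = m.groups()
    return int(major), int(minor), int(maint), int(interim or 0)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if `version` is below the fixed release for its train,
    False if it is at or above it, None if the train is not listed here
    (consult the vendor advisory for those trains)."""
    v = parse_asa_version(version)
    fixed = FIXED_BY_TRAIN.get(v[:2])
    if fixed is None:
        return None
    return v < parse_asa_version(fixed)


if __name__ == "__main__":
    # Constructed sample 'show version' values, not from any real device.
    for ver in ["9.4(3.5)", "9.4(3.6)", "9.5(2.10)", "9.6(2)", "9.7(1)"]:
        print(ver, "->", is_vulnerable(ver))
```

Run it against the version strings collected from `show version` on each appliance; a None result means the train is outside what this advisory covers, not that it is safe.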