8.6

CVE-2016-9225

EPSS 1.38%
Veröffentlicht 01.02.2017 19:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Asa Cx Context-aware Security Software Version9.0.1

Cisco ≫ Asa Cx Context-aware Security Software Version9.0.1-40

Cisco ≫ Asa Cx Context-aware Security Software Version9.0.2

Cisco ≫ Asa Cx Context-aware Security Software Version9.0.2-68

Cisco ≫ Asa Cx Context-aware Security Software Version9.0_base

Cisco ≫ Asa Cx Context-aware Security Software Version9.1.2-29

Cisco ≫ Asa Cx Context-aware Security Software Version9.1.2-42

Cisco ≫ Asa Cx Context-aware Security Software Version9.1.3-8

Cisco ≫ Asa Cx Context-aware Security Software Version9.1.3-10

Cisco ≫ Asa Cx Context-aware Security Software Version9.1.3-13

Cisco ≫ Asa Cx Context-aware Security Software Version9.2.1-1

Cisco ≫ Asa Cx Context-aware Security Software Version9.2.2-1

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.1-1

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.2-1

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.3.1-13

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.4-1

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.4-2

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.4-3

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.4-4

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.4-5

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.4-6

Cisco ≫ Asa Cx Context-aware Security Software Version9.3.4.1.11

Cisco ≫ Asa Cx Context-aware Security Software Version9.3_base

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.38%	0.785

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

http://www.securityfocus.com/bid/95788

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037696

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-9225

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9225

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9225

EUVD