Cisco ASA Management Interface XML Parsing Flaw Lets Remote Authenticated Users Cause the Target System to Become Unstable or Crash
|
SecurityTracker Alert ID: 1034251 |
SecurityTracker URL: http://securitytracker.com/id/1034251
|
CVE Reference:
CVE-2015-6379
(Links to External Site)
|
Date: Nov 25 2015
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8.4
|
Description:
A vulnerability was reported in Cisco ASA. A remote authenticated user can cause the target system to become unstable or potentially crash.
A remote authenticated user on the management interface can cause the target component to read a specially crafted XML file to trigger a flaw in the XML parser. As a result, the target system will become unstable and may crash.
The vendor has assigned bug ID CSCut14223 to this vulnerability.
|
Impact:
A remote authenticated user can cause the target system to become unstable or potentially crash.
|
Solution:
The vendor has issued a fix.
The vendor's advisory is available at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa
|
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa (Links to External Site)
|
Cause:
Not specified
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|