Buffer overflow in Cisco 5500_series_adaptive_security_appliance

CVE-2012-0358

Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0…

Vulnerability class: Buffer Overflow

EPSS: 0.067 (91.4th percentile) — read the EPSS interpretation.

Affected products

Cisco 5500_series_adaptive_security_appliance
Cisco Adaptive_security_appliance_software — versions 7.0, 7.0\(0\), 7.0\(1\)
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

VU#339177 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
20120314 Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
cisco-asa-activex-bo(74027) (vdb-entry, x_refsource_XF)
1026799 (vdb-entry, x_refsource_SECTRACK)