Buffer overflow in Cisco 5500_series_adaptive_security_appliance

CVE-2012-4661

Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4…

Vulnerability class: Buffer Overflow

EPSS: 0.097 (93.1th percentile) — read the EPSS interpretation.

Affected products

Cisco 5500_series_adaptive_security_appliance
Cisco 7600_router
Cisco Adaptive_security_appliance_software — versions 8.3\(1\), 8.3\(2\), 8.4
Cisco Catalyst_6500
Cisco Catalyst_6503-e
Cisco Catalyst_6504-e
Cisco Catalyst_6506-e
Cisco Catalyst_6509-e
Cisco Catalyst_6509-neb-a
Cisco Catalyst_6509-v-e

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

55863 (vdb-entry, x_refsource_BID)
20121010 Multiple Vulnerabilities in Cisco Firewall Services Module (x_refsource_CISCO, vendor-advisory)
50857 (x_refsource_SECUNIA, third-party-advisory)
86146 (x_refsource_OSVDB, vdb-entry)
20121010 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module (x_refsource_CISCO, vendor-advisory)
cisco-fwsm-dcerpc-bo(79173) (vdb-entry, x_refsource_XF)