Vulnerability in Cisco Adaptive_security_appliance

CVE-2013-1199

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by acce…

Vulnerability class: Race Condition

EPSS: 0.005 (64.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Adaptive_security_appliance
Cisco Adaptive_security_appliance_clientless_ssl_vpn
Cisco Adaptive_security_appliance_software
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

20130417 Cisco ASA Clientless SSL VPN CIFS Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)