Improper input validation in Cisco Asa_cx_context-aware_security_software

CVE-2015-0678

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending c…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (48.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Asa_cx_context-aware_security_software — versions 9.0.1, 9.0.1-40, 9.0.2
Cisco Asa_with_firepower_services — versions 5.3.1, 5.3.1.1, 5.4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

1032046 (vdb-entry, x_refsource_SECTRACK)
20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)