CVE-2015-0678
Vulnerability from cvelistv5
Published
2015-04-11 01:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032046"
},
{
"name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-16T17:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1032046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032046"
},
{
"name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032046"
},
{
"name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0678",
"datePublished": "2015-04-11T01:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-0678\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2015-04-11T01:59:00.087\",\"lastModified\":\"2024-11-21T02:23:31.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.\"},{\"lang\":\"es\",\"value\":\"La capa de virtualizaci\u00f3n en Software Cisco ASA FirePOWER anterior a 5.3.1.2 y 5.4.x anterior a 5.4.0.1 y Software ASA Context-Aware (CX) anterior a 9.3.2.1-9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de dispositivo) mediante el env\u00edo r\u00e1pido de paquetes manipulados a la interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug IDs CSCus11007 y CSCun56954.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F831CAB0-9206-4BA4-B888-2B77E96BF5EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EE4A218-A8B8-4408-AA4C-A7A330DBF74F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70D4739-02C7-4761-B2E3-4930BEA403B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC9743A-641F-4F0A-97FC-5DF8B0333222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7F990CF-B6DD-4EE3-B45D-CE4B1110A6DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A81A0E90-9200-436C-81BC-FA4BF745EEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13B6FFEA-4F46-4D20-9821-FE32B57F6145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8068EA1D-6AD6-4BF3-AA1F-C8AD0BC8F298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A4AE8C1-9BD1-491A-9835-D95F4D90F496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0710827-10AD-4DE9-BB0F-B4D072DDC8DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96F09A7A-9A3D-4D73-912A-2B01CEABEFBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA36AEA-6516-41DD-90D3-0504A4CB5231\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C47683-C68B-4B84-80F6-FDFF9156991C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEFA5ADA-E573-447B-AFD9-E37682B57BD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1359CC7F-628F-44EB-B36D-FF1210E227B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E7AFAD-3A1D-4244-AA61-85B430E8D51C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC110506-3E7F-4DD9-99D2-6E04F1E65D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3\\\\(1.1.112\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA695E3-7E4E-4ECA-8BF6-4B2024DA15D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.1-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBAD7032-2FD8-4FAE-8A77-0488EE8ECAF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.2-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E3D601-FE3F-433A-84BD-6F070000BAE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9B6425-12DD-44F4-9708-7D7529CB1DE5\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032046\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.