CISCO : Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106079

Kategorie: CISCO

Titel: Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability

Zusammenfassung: A vulnerability in XML parser code of Cisco Adaptive Security Appliance;Software could allow an authenticated, remote attacker to cause system instability or a reload of the;affected system.;;The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit;this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges;could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the;malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability;by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which;could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.;;Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability;are not available.

Beschreibung: Summary:
A vulnerability in XML parser code of Cisco Adaptive Security Appliance
Software could allow an authenticated, remote attacker to cause system instability or a reload of the
affected system.

The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit
this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges
could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the
malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability
by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which
could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability
are not available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1385
Cisco Security Advisory: 20160517 Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml
http://www.securitytracker.com/id/1035976

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106079
Kategorie:	CISCO
Titel:	Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability
Zusammenfassung:	A vulnerability in XML parser code of Cisco Adaptive Security Appliance;Software could allow an authenticated, remote attacker to cause system instability or a reload of the;affected system.;;The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit;this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges;could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the;malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability;by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which;could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.;;Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability;are not available.
Beschreibung:	Summary: A vulnerability in XML parser code of Cisco Adaptive Security Appliance Software could allow an authenticated, remote attacker to cause system instability or a reload of the affected system. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1385 Cisco Security Advisory: 20160517 Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml http://www.securitytracker.com/id/1035976
Copyright	Copyright (C) 2016 Greenbone Networks GmbH