Home Unlabelled Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability

Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability

By
Wednesday, May 18, 2016
Read
Add Comment
A vulnerability in XML parser code of Cisco Adaptive Security Appliance Software could allow an authenticated, remote attacker to cause system instability or a reload of the affected system.

The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/1snPZip A vulnerability in XML parser code of Cisco Adaptive Security Appliance Software could allow an authenticated, remote attacker to cause system instability or a reload of the affected system.

The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways by utilizing a malicious file. An attacker with administrative privileges could exploit this by uploading a malicious XML file on the system and trigger the XML code to parse the malicious file. Additionally, an attacker with Clienteles SSL VPN access could exploit this vulnerability by sending a crafted XML file. An exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/1snPZip
Security Impact Rating: Medium
CVE: CVE-2016-1385

from Cisco Security Advisory http://ift.tt/1snPZip
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us