CVE-2015-0677

Cisco ASA Software 8.4-9.3 DoS via XML Parser

Title source: llm
STIX 2.1

Description

The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032045

Scores

EPSS 0.0191
EPSS Percentile 77.4%

Details

CWE
CWE-20
Status published
Products (50)
cisco/adaptive_security_appliance_software 8.4.1
cisco/adaptive_security_appliance_software 8.4.1.3
cisco/adaptive_security_appliance_software 8.4.1.11
cisco/adaptive_security_appliance_software 8.4.2
cisco/adaptive_security_appliance_software 8.4.2.1
cisco/adaptive_security_appliance_software 8.4.2.8
cisco/adaptive_security_appliance_software 8.4.3
cisco/adaptive_security_appliance_software 8.4.3.8
cisco/adaptive_security_appliance_software 8.4.3.9
cisco/adaptive_security_appliance_software 8.4.4
... and 40 more
Published Apr 13, 2015
Tracked Since Feb 18, 2026