CVE-2016-1312

HIGH

Cisco ASA 5500 CSC-SSM Firmware < 6.6.1164.0 - Denial of Service via HTTPS Packet Flood

Title source: llm
STIX 2.1

Description

The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84281
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035230

Scores

CVSS v3 7.5
EPSS 0.0287
EPSS Percentile 85.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-119 CWE-399
Status published
Products (1)
cisco/asa_5500_csc-ssm_firmware 6.6.1125.0
Published Mar 09, 2016
Tracked Since Feb 18, 2026