CVE-2013-1199

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:S/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1199	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:adaptive_security_appliance_clientless_ssl_vpn:-:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:-:::::::*

cpe:2.3:h:cisco:adaptive_security_appliance:*:*:*:*:*:*:*:*

Information

Published : 2013-04-18 11:55

Updated : 2013-04-18 21:00

NVD link : CVE-2013-1199

Mitre link : CVE-2013-1199

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Products Affected

cisco

adaptive_security_appliance_software
adaptive_security_appliance
adaptive_security_appliance_clientless_ssl_vpn

4.9 /10