CVE-2014-2129

The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.0:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2:::::::*

Information

Published : 2014-04-09 21:34

Updated : 2014-04-10 11:29

NVD link : CVE-2014-2129

Mitre link : CVE-2014-2129

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

cisco

adaptive_security_appliance_software

7.1 /10