CVE-2016-1385

high-risk

Published 2016-05-26

The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.

Do I need to act?

-

0.45% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Adaptive Security Appliance Software

Affected Vendors

Cisco

References (4)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securitytracker.com/id/1035976

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securitytracker.com/id/1035976

58

/ 100

high-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 32/34 · Critical