cvelistv5 - cve-2015-0678

CVE-2015-0678 (GCVE-0-2015-0678)

Vulnerability from cvelistv5

Published

2015-04-11 01:00

Modified

2024-08-06 04:17

Severity ?

CWE

Summary

References

URL

Tags

psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032046
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032046

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032046",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032046"
          },
          {
            "name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-16T17:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032046",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032046"
        },
        {
          "name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0678",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032046",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032046"
            },
            {
              "name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0678",
    "datePublished": "2015-04-11T01:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0678\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-04-11T01:59:00.087\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.\"},{\"lang\":\"es\",\"value\":\"La capa de virtualizaci\u00f3n en Software Cisco ASA FirePOWER anterior a 5.3.1.2 y 5.4.x anterior a 5.4.0.1 y Software ASA Context-Aware (CX) anterior a 9.3.2.1-9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de dispositivo) mediante el env\u00edo r\u00e1pido de paquetes manipulados a la interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug IDs CSCus11007 y CSCun56954.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F831CAB0-9206-4BA4-B888-2B77E96BF5EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EE4A218-A8B8-4408-AA4C-A7A330DBF74F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70D4739-02C7-4761-B2E3-4930BEA403B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC9743A-641F-4F0A-97FC-5DF8B0333222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7F990CF-B6DD-4EE3-B45D-CE4B1110A6DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A81A0E90-9200-436C-81BC-FA4BF745EEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13B6FFEA-4F46-4D20-9821-FE32B57F6145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8068EA1D-6AD6-4BF3-AA1F-C8AD0BC8F298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A4AE8C1-9BD1-491A-9835-D95F4D90F496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0710827-10AD-4DE9-BB0F-B4D072DDC8DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96F09A7A-9A3D-4D73-912A-2B01CEABEFBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA36AEA-6516-41DD-90D3-0504A4CB5231\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C47683-C68B-4B84-80F6-FDFF9156991C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEFA5ADA-E573-447B-AFD9-E37682B57BD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1359CC7F-628F-44EB-B36D-FF1210E227B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E7AFAD-3A1D-4244-AA61-85B430E8D51C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC110506-3E7F-4DD9-99D2-6E04F1E65D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3\\\\(1.1.112\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA695E3-7E4E-4ECA-8BF6-4B2024DA15D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.1-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBAD7032-2FD8-4FAE-8A77-0488EE8ECAF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.2-1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E3D601-FE3F-433A-84BD-6F070000BAE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9B6425-12DD-44F4-9708-7D7529CB1DE5\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032046\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2015-AVI-148

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco ASA Software versions antérieures à 9.1(5.21)
Cisco	N/A	Cisco ASA Software versions antérieures à 9.3(2)
Cisco	N/A	Cisco WebEx Meetings Server versions antérieures à 2.5MR4
Cisco	N/A	Cisco Prime License Manager versions antérieures à 10.0 patch 1
Cisco	N/A	Cisco ASA Software versions antérieures à 9.2(3.3)
Cisco	N/A	Cisco Nexus 1000V Series Switches versions antérieures à 5.2(1)SV3(2.1)
Cisco	N/A	Cisco Prime License Manager versions antérieures à 9.8 patch 5
Cisco	N/A	Cisco WebEx Meetings Server versions antérieures à 2.6
Cisco	N/A	Cisco ASA FirePOWER Software versions antérieures à 5.4.0.1
Cisco	N/A	Cisco ASA FirePOWER Software versions antérieures à 5.3.1.2
Cisco	N/A	Cisco Prime License Manager versions antérieures à 10.3 patch 1
Cisco	N/A	Cisco ASA CX Software versions antérieures à 9.3.2.1-9

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20150408-ntpd du 08 avril 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150408-cxfp du 08 avril 2015	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20150408-cxfp du 08 avril 2015	-	other
Bulletin de sécurité Cisco cisco-sa-20150408-ntpd du 08 avril 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco ASA Software versions ant\u00e9rieures \u00e0 9.1(5.21)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Software versions ant\u00e9rieures \u00e0 9.3(2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings Server versions ant\u00e9rieures \u00e0 2.5MR4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime License Manager versions ant\u00e9rieures \u00e0 10.0 patch 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Software versions ant\u00e9rieures \u00e0 9.2(3.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 1000V Series Switches versions ant\u00e9rieures \u00e0 5.2(1)SV3(2.1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime License Manager versions ant\u00e9rieures \u00e0 9.8 patch 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings Server versions ant\u00e9rieures \u00e0 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA FirePOWER Software versions ant\u00e9rieures \u00e0 5.4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA FirePOWER Software versions ant\u00e9rieures \u00e0 5.3.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime License Manager versions ant\u00e9rieures \u00e0 10.3 patch 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA CX Software versions ant\u00e9rieures \u00e0 9.3.2.1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1798"
    },
    {
      "name": "CVE-2015-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1799"
    },
    {
      "name": "CVE-2015-0678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0678"
    }
  ],
  "initial_release_date": "2015-04-13T00:00:00",
  "last_revision_date": "2015-04-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150408-cxfp du 08    avril 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150408-ntpd du 08    avril 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
    }
  ],
  "reference": "CERTFR-2015-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150408-ntpd du 08 avril 2015",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150408-cxfp du 08 avril 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-143

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans les produits Cisco. Elle permet à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco ASA 5500-X Series Adaptive Security Appliances
Cisco	N/A	Cisco ASA Next-Generation Firewall 9.x (formerly Cisco ASA-CX Context-Aware Security)
Cisco	Adaptive Security Appliance	Cisco Adaptive Security Appliance (ASA) 9.x

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 09 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco ASA 5500-X Series Adaptive Security Appliances",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Next-Generation Firewall 9.x (formerly Cisco ASA-CX Context-Aware Security)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Appliance (ASA) 9.x",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0678"
    }
  ],
  "initial_release_date": "2015-04-09T00:00:00",
  "last_revision_date": "2015-04-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\nd\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 09 avril 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
    }
  ]
}

cnvd-2015-02390

Vulnerability from cnvd

Title

Cisco ASA FirePOWER Services及Cisco ASA CX Services拒绝服务漏洞

Description

Cisco Adaptive Security Appliance是一款自适应安全设备,可提供安全和VPN服务的模块。 Cisco ASA FirePOWER Services及Cisco ASA CX Services的虚拟层存在安全漏洞，允许未经身份验证的远程攻击者利用此漏洞通过发送大量的构造数据包到受影响设备的管理接口，可造成系统重载。

Severity

高

Patch Name

Cisco ASA FirePOWER Services及Cisco ASA CX Services拒绝服务漏洞的补丁

Patch Description

Cisco Adaptive Security Appliance是一款自适应安全设备,可提供安全和VPN服务的模块。Cisco ASA FirePOWER Services及Cisco ASA CX Services的虚拟层存在安全漏洞，允许未经身份验证的远程攻击者利用此漏洞通过发送大量的构造数据包到受影响设备的管理接口，可造成系统重载。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp

Impacted products

Name
['Cisco ASA FirePOWER Software <5.3.1.2', 'Cisco ASA FirePOWER Software 5.4.x(<5.4.0.1)', 'Cisco ASA Context-Aware (CX) Software <9.3.2.1-9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0678"
    }
  },
  "description": "Cisco Adaptive Security Appliance\u662f\u4e00\u6b3e\u81ea\u9002\u5e94\u5b89\u5168\u8bbe\u5907,\u53ef\u63d0\u4f9b\u5b89\u5168\u548cVPN\u670d\u52a1\u7684\u6a21\u5757\u3002 \r\n\r\nCisco ASA FirePOWER Services\u53caCisco ASA CX Services\u7684\u865a\u62df\u5c42\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u5927\u91cf\u7684\u6784\u9020\u6570\u636e\u5305\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u7ba1\u7406\u63a5\u53e3\uff0c\u53ef\u9020\u6210\u7cfb\u7edf\u91cd\u8f7d\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02390",
  "openTime": "2015-04-14",
  "patchDescription": "Cisco Adaptive Security Appliance\u662f\u4e00\u6b3e\u81ea\u9002\u5e94\u5b89\u5168\u8bbe\u5907,\u53ef\u63d0\u4f9b\u5b89\u5168\u548cVPN\u670d\u52a1\u7684\u6a21\u5757\u3002Cisco ASA FirePOWER Services\u53caCisco ASA CX Services\u7684\u865a\u62df\u5c42\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u5927\u91cf\u7684\u6784\u9020\u6570\u636e\u5305\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u7ba1\u7406\u63a5\u53e3\uff0c\u53ef\u9020\u6210\u7cfb\u7edf\u91cd\u8f7d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco ASA FirePOWER Services\u53caCisco ASA CX Services\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco ASA FirePOWER Software \u003c5.3.1.2",
      "Cisco ASA FirePOWER Software 5.4.x(\u003c5.4.0.1)",
      "Cisco ASA Context-Aware (CX) Software \u003c9.3.2.1-9"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp",
  "serverity": "\u9ad8",
  "submitTime": "2015-04-12",
  "title": "Cisco ASA FirePOWER Services\u53caCisco ASA CX Services\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954. Successful exploits may allow attackers to cause the reload of the affected system, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCus11007 and CSCun56954

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0293",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.3.2-1"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.3.1-1"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.2.1-4"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.2.1-3"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.2.1-2"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.2.1-1"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.1.3-8"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.1.3-13"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.1.3-10"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "9.1.2-42"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "9.0.2"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "9.0.1"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "9.1.2-29"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "9.0.2-68"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "cisco",
        "version": "9.0.1-40"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1.1"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.3\\(1.1.112\\)"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.3_base"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.4.0"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.3.1"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.0_base"
      },
      {
        "model": "asa with firepower services",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.4.0.1"
      },
      {
        "model": "asa with firepower services",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.4.x"
      },
      {
        "model": "asa firepower services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.4"
      },
      {
        "model": "asa firepower services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.1"
      },
      {
        "model": "asa firepower services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.1.1"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3(1.1.112)"
      },
      {
        "model": "asa firepower services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.3.1.2"
      },
      {
        "model": "asa cx context-aware security software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.3.2.1-9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:asa_cx_context-aware_security_software",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:cisco:asa_with_firepower_services",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "73968"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0678",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-0678",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-78624",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-0678",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-0678",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-187",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78624",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954. \nSuccessful exploits may allow attackers to cause the reload of the affected system, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug IDs CSCus11007 and CSCun56954",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "db": "BID",
        "id": "73968"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78624"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0678",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032046",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "73968",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-78624",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78624"
      },
      {
        "db": "BID",
        "id": "73968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "id": "VAR-201504-0293",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78624"
      }
    ],
    "trust": 0.6714285999999999
  },
  "last_update_date": "2024-11-23T22:18:24.609000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150408-cxfp",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
      },
      {
        "title": "38186",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38186"
      },
      {
        "title": "cisco-sa-20150408-cxfp",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/112/1128/1128964_cisco-sa-20150408-cxfp-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150408-cxfp"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032046"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0678"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0678"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38186"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78624"
      },
      {
        "db": "BID",
        "id": "73968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-78624"
      },
      {
        "db": "BID",
        "id": "73968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78624"
      },
      {
        "date": "2015-04-08T00:00:00",
        "db": "BID",
        "id": "73968"
      },
      {
        "date": "2015-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      },
      {
        "date": "2015-04-11T01:59:00.087000",
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78624"
      },
      {
        "date": "2015-04-08T00:00:00",
        "db": "BID",
        "id": "73968"
      },
      {
        "date": "2015-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      },
      {
        "date": "2024-11-21T02:23:31.367000",
        "db": "NVD",
        "id": "CVE-2015-0678"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASA FirePOWER Software and  ASA Context-Aware Service disruption in the software virtualization layer  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002211"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-187"
      }
    ],
    "trust": 0.6
  }
}

gsd-2015-0678

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2015-0678

Aliases

CVE-2015-0678

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0678",
    "description": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.",
    "id": "GSD-2015-0678"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0678"
      ],
      "details": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.",
      "id": "GSD-2015-0678",
      "modified": "2023-12-13T01:19:58.272196Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-0678",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032046",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032046"
          },
          {
            "name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3\\(1.1.112\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.1-1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.2-1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0678"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150408 Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
            },
            {
              "name": "1032046",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032046"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-10-01T17:16Z",
      "publishedDate": "2015-04-11T01:59Z"
    }
  }
}

ghsa-5v87-2xc2-82hj

Vulnerability from github

Published

2022-05-17 04:06

Modified

2022-05-17 04:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0678"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-11T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.",
  "id": "GHSA-5v87-2xc2-82hj",
  "modified": "2022-05-17T04:06:09Z",
  "published": "2022-05-17T04:06:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0678"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2015-0678

Vulnerability from fkie_nvd

Published

2015-04-11 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032046
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032046

Impacted products

Vendor	Product	Version
cisco	asa_with_firepower_services	5.3.1
cisco	asa_with_firepower_services	5.3.1.1
cisco	asa_with_firepower_services	5.4.0
cisco	asa_cx_context-aware_security_software	9.0.1
cisco	asa_cx_context-aware_security_software	9.0.1-40
cisco	asa_cx_context-aware_security_software	9.0.2
cisco	asa_cx_context-aware_security_software	9.0.2-68
cisco	asa_cx_context-aware_security_software	9.0_base
cisco	asa_cx_context-aware_security_software	9.1.2-29
cisco	asa_cx_context-aware_security_software	9.1.2-42
cisco	asa_cx_context-aware_security_software	9.1.3-8
cisco	asa_cx_context-aware_security_software	9.1.3-10
cisco	asa_cx_context-aware_security_software	9.1.3-13
cisco	asa_cx_context-aware_security_software	9.2.1-1
cisco	asa_cx_context-aware_security_software	9.2.1-2
cisco	asa_cx_context-aware_security_software	9.2.1-3
cisco	asa_cx_context-aware_security_software	9.2.1-4
cisco	asa_cx_context-aware_security_software	9.3\(1.1.112\)
cisco	asa_cx_context-aware_security_software	9.3.1-1
cisco	asa_cx_context-aware_security_software	9.3.2-1
cisco	asa_cx_context-aware_security_software	9.3_base

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F831CAB0-9206-4BA4-B888-2B77E96BF5EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_with_firepower_services:5.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE4A218-A8B8-4408-AA4C-A7A330DBF74F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_with_firepower_services:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70D4739-02C7-4761-B2E3-4930BEA403B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC9743A-641F-4F0A-97FC-5DF8B0333222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F990CF-B6DD-4EE3-B45D-CE4B1110A6DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81A0E90-9200-436C-81BC-FA4BF745EEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*",
              "matchCriteriaId": "13B6FFEA-4F46-4D20-9821-FE32B57F6145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "8068EA1D-6AD6-4BF3-AA1F-C8AD0BC8F298",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4AE8C1-9BD1-491A-9835-D95F4D90F496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0710827-10AD-4DE9-BB0F-B4D072DDC8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F09A7A-9A3D-4D73-912A-2B01CEABEFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA36AEA-6516-41DD-90D3-0504A4CB5231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C47683-C68B-4B84-80F6-FDFF9156991C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEFA5ADA-E573-447B-AFD9-E37682B57BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1359CC7F-628F-44EB-B36D-FF1210E227B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E7AFAD-3A1D-4244-AA61-85B430E8D51C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC110506-3E7F-4DD9-99D2-6E04F1E65D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3\\(1.1.112\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA695E3-7E4E-4ECA-8BF6-4B2024DA15D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.1-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBAD7032-2FD8-4FAE-8A77-0488EE8ECAF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.2-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3D601-FE3F-433A-84BD-6F070000BAE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9B6425-12DD-44F4-9708-7D7529CB1DE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954."
    },
    {
      "lang": "es",
      "value": "La capa de virtualizaci\u00f3n en Software Cisco ASA FirePOWER anterior a 5.3.1.2 y 5.4.x anterior a 5.4.0.1 y Software ASA Context-Aware (CX) anterior a 9.3.2.1-9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de dispositivo) mediante el env\u00edo r\u00e1pido de paquetes manipulados a la interfaz de gesti\u00f3n, tambi\u00e9n conocido como Bug IDs CSCus11007 y CSCun56954."
    }
  ],
  "id": "CVE-2015-0678",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-11T01:59:00.087",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1032046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-cxfp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032046"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-0678 (GCVE-0-2015-0678)

Vulnerability from cvelistv5

CERTFR-2015-AVI-148

Vulnerability from certfr_avis

Solution

CERTFR-2015-AVI-143

Vulnerability from certfr_avis

Solution

cnvd-2015-02390

Vulnerability from cnvd

var-201504-0293

Vulnerability from variot

gsd-2015-0678

Vulnerability from gsd

ghsa-5v87-2xc2-82hj

Vulnerability from github

fkie_cve-2015-0678

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature