QID 316956
Date Published: 2021-04-30
QID 316956: Cisco Adaptive Security Appliance Software Web Services Buffer Overflow Denial of Service Vulnerability (cisco-sa-memc-dos-fncTyYKG)
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software
could allow an authenticated, remote attacker to cause a buffer overflow on an affected system.
Affected Products
Cisco products are affected if they are running a vulnerable release of Cisco ASA Software and have a vulnerable AnyConnect VPN or WebVPN configuration.
From 9.8 Prior to 9.8.4.34
From 9.9 Prior to 9.9.2.85
From 9.10 Prior to 9.12.4.13
From 9.13 Prior to 9.13.1.21
From 9.14 Prior to 9.14.2.8
From 9.15 Prior to 9.15.1.7
QID Detection Logic (Authenticated):
The check matches the Cisco ASA OS version retrieved via Unix Auth using the "version" command.
A successful exploit could allow the attacker to cause a buffer overflow condition
on the affected system, which could disclose data fragments or
cause the device to reload, resulting in a denial of service (DoS) condition.
Customers are advised to refer to cisco-sa-memc-dos-fncTyYKG for more information.
- cisco-sa-asa-ftd-vpn-dos-fpBcpEcD - tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD
- cisco-sa-memc-dos-fncTyYKG - tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG
CVEs related to QID 316956
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-memc-dos-fncTyYKG | | | |