CVE-2017-12246

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063.

CVSS v3 8.6 HIGH
CVSS v2.0 7.8 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/101165	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039503	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4\(3\):::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.7\(1\):::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8\(0.56\):::::::*

History

15 Aug 2023, 15:21

Type	Values Removed	Values Added
CPE	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.8\(0.56\):::::::* cpe:2.3:a:cisco:adaptive_security_appliance_software:9.7\(1\):::::::*	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8\(0.56\):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.7\(1\):::::::*

11 Aug 2023, 18:54

Type	Values Removed	Values Added
CPE	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.4\(3\):::::::*	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4\(3\):::::::*

Information

Published : 2017-10-05 07:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-12246

Mitre link : CVE-2017-12246

CVE.ORG link : CVE-2017-12246

JSON object : View

Products Affected

cisco

adaptive_security_appliance_software

CWE

CWE-20

Improper Input Validation

CWE-399

Resource Management Errors

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2017-12246

8.6^/10

7.8^/10

Attach tags to `CVE-2017-12246`