CVE-2014-3407

EUVD-2014-3420
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
ciscoadaptive_security_appliance_software
𝑥
≤ 9.3\(2\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407
http://tools.cisco.com/security/center/viewAlert.x?alertId=36542
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407
http://tools.cisco.com/security/center/viewAlert.x?alertId=36542