CVE-2013-3415: Buffer Overflow
First published: Sun Oct 13 2013(Updated: )
Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance | =8.4 | |
| Cisco Adaptive Security Appliance | =8.4\(1\) | |
| Cisco Adaptive Security Appliance | =8.4\(1.11\) | |
| Cisco Adaptive Security Appliance | =8.4\(2\) | |
| Cisco Adaptive Security Appliance | =8.4\(2.11\) | |
| Cisco Adaptive Security Appliance | =8.6 | |
| Cisco Adaptive Security Appliance | =8.6\(1\) | |
| Cisco Adaptive Security Appliance | =8.6\(1.10\) | |
| Cisco Adaptive Security Appliance Software | =8.4 | |
| Cisco Adaptive Security Appliance Software | =8.4\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(1.11\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(2\) | |
| Cisco Adaptive Security Appliance Software | =8.4\(2.11\) | |
| Cisco Adaptive Security Appliance Software | =8.6 | |
| Cisco Adaptive Security Appliance Software | =8.6\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.6\(1.10\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3415?
CVE-2013-3415 has a critical severity level due to the potential for denial of service attacks on the affected devices.
How do I fix CVE-2013-3415?
To fix CVE-2013-3415, upgrade Cisco Adaptive Security Appliance software to version 8.4(3) or 8.6(1.3) or later.
What versions are affected by CVE-2013-3415?
CVE-2013-3415 affects Cisco Adaptive Security Appliance Software versions 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3).
What type of vulnerability is CVE-2013-3415?
CVE-2013-3415 is a memory management vulnerability that can lead to denial of service conditions.
Who can exploit CVE-2013-3415?
Remote attackers can exploit CVE-2013-3415 by disconnecting an AnyConnect SSL VPN client, leading to system disruption.
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/first-publish-date
- agent/type
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco adaptive security appliance
- version/cisco adaptive security appliance/8.4
- version/cisco adaptive security appliance/8.4\(1\)
- version/cisco adaptive security appliance/8.4\(1.11\)
- version/cisco adaptive security appliance/8.4\(2\)
- version/cisco adaptive security appliance/8.4\(2.11\)
- version/cisco adaptive security appliance/8.6
- version/cisco adaptive security appliance/8.6\(1\)
- version/cisco adaptive security appliance/8.6\(1.10\)
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/8.4
- version/cisco adaptive security appliance software/8.4\(1\)
- version/cisco adaptive security appliance software/8.4\(1.11\)
- version/cisco adaptive security appliance software/8.4\(2\)
- version/cisco adaptive security appliance software/8.4\(2.11\)
- version/cisco adaptive security appliance software/8.6
- version/cisco adaptive security appliance software/8.6\(1\)
- version/cisco adaptive security appliance software/8.6\(1.10\)