What is the severity of CVE-2015-0677?

CVE-2015-0677 has a medium severity rating, which indicates a moderate potential impact on affected systems.

How do I fix CVE-2015-0677?

To fix CVE-2015-0677, upgrade your Cisco Adaptive Security Appliance to a version that addresses the vulnerability, such as one of the patched versions listed by Cisco.

What systems are affected by CVE-2015-0677?

CVE-2015-0677 affects various versions of Cisco Adaptive Security Appliance Software prior to the patched versions mentioned in Cisco's advisory.

What types of attacks are possible due to CVE-2015-0677?

Exploitation of CVE-2015-0677 could allow remote attackers to execute arbitrary code on vulnerable Cisco devices via certain VPN configurations.

Are there any workarounds for CVE-2015-0677?

While Cisco recommends upgrading to a fixed version, temporarily disabling affected VPN services may help mitigate the risk associated with CVE-2015-0677.

Vulnerability/
CVE-2015-0677

high

7.8

CWE

13/4/2015

15/8/2023

CVE-2015-0677: Input Validation

First published: Mon Apr 13 2015(Updated: )

The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Adaptive Security Appliance	=8.4.1
Cisco Adaptive Security Appliance	=8.4.1.3
Cisco Adaptive Security Appliance	=8.4.1.11
Cisco Adaptive Security Appliance	=8.4.2
Cisco Adaptive Security Appliance	=8.4.2.1
Cisco Adaptive Security Appliance	=8.4.2.8
Cisco Adaptive Security Appliance	=8.4.3
Cisco Adaptive Security Appliance	=8.4.3.8
Cisco Adaptive Security Appliance Software	=8.4.3.9
Cisco Adaptive Security Appliance Software	=8.4.4
Cisco Adaptive Security Appliance Software	=8.4.4.1
Cisco Adaptive Security Appliance Software	=8.4.4.3
Cisco Adaptive Security Appliance Software	=8.4.4.5
Cisco Adaptive Security Appliance Software	=8.4.4.9
Cisco Adaptive Security Appliance Software	=8.4.5
Cisco Adaptive Security Appliance Software	=8.4.5.6
Cisco Adaptive Security Appliance Software	=8.4.6
Cisco Adaptive Security Appliance Software	=8.4.7
Cisco Adaptive Security Appliance Software	=8.4.7.3
Cisco Adaptive Security Appliance Software	=8.4.7.15
Cisco Adaptive Security Appliance Software	=8.4.7.22
Cisco Adaptive Security Appliance Software	=8.4.7.23
Cisco Adaptive Security Appliance Software	=8.4.7.26
Cisco Adaptive Security Appliance Software	=8.6.1
Cisco Adaptive Security Appliance Software	=8.6.1.1
Cisco Adaptive Security Appliance Software	=8.6.1.2
Cisco Adaptive Security Appliance Software	=8.6.1.5
Cisco Adaptive Security Appliance Software	=8.6.1.10
Cisco Adaptive Security Appliance Software	=8.6.1.12
Cisco Adaptive Security Appliance Software	=8.6.1.13
Cisco Adaptive Security Appliance Software	=8.6.1.14
Cisco Adaptive Security Appliance Software	=9.0.1
Cisco Adaptive Security Appliance Software	=9.0.2
Cisco Adaptive Security Appliance Software	=9.0.2.10
Cisco Adaptive Security Appliance Software	=9.0.3
Cisco Adaptive Security Appliance Software	=9.0.3.6
Cisco Adaptive Security Appliance Software	=9.0.3.8
Cisco Adaptive Security Appliance Software	=9.0.4
Cisco Adaptive Security Appliance Software	=9.0.4.1
Cisco Adaptive Security Appliance Software	=9.0.4.5
Cisco Adaptive Security Appliance Software	=9.0.4.7
Cisco Adaptive Security Appliance Software	=9.0.4.17
Cisco Adaptive Security Appliance Software	=9.0.4.20
Cisco Adaptive Security Appliance Software	=9.0.4.24
Cisco Adaptive Security Appliance Software	=9.0.4.26
Cisco Adaptive Security Appliance Software	=9.0.4.29
Cisco Adaptive Security Appliance Software	=9.1.1
Cisco Adaptive Security Appliance Software	=9.1.1.4
Cisco Adaptive Security Appliance Software	=9.1.2
Cisco Adaptive Security Appliance Software	=9.1.2.8
Cisco Adaptive Security Appliance Software	=9.1.3
Cisco Adaptive Security Appliance Software	=9.1.3.2
Cisco Adaptive Security Appliance Software	=9.1.4
Cisco Adaptive Security Appliance Software	=9.1.4.5
Cisco Adaptive Security Appliance Software	=9.1.5
Cisco Adaptive Security Appliance Software	=9.1.5.10
Cisco Adaptive Security Appliance Software	=9.1.5.12
Cisco Adaptive Security Appliance Software	=9.1.5.15
Cisco Adaptive Security Appliance Software	=9.1.5.21
Cisco Adaptive Security Appliance Software	=9.2.1
Cisco Adaptive Security Appliance Software	=9.2.2
Cisco Adaptive Security Appliance Software	=9.2.2.4
Cisco Adaptive Security Appliance Software	=9.2.2.7
Cisco Adaptive Security Appliance Software	=9.2.2.8
Cisco Adaptive Security Appliance Software	=9.2.3
Cisco Adaptive Security Appliance Software	=9.2.3.3
Cisco Adaptive Security Appliance Software	=9.3.1
Cisco Adaptive Security Appliance Software	=9.3.1.1
Cisco Adaptive Security Appliance Software	=9.3.2
Cisco Adaptive Security Appliance Software	=9.3.2.2
Cisco Adaptive Security Appliance Software	=8.4.1
Cisco Adaptive Security Appliance Software	=8.4.1.3
Cisco Adaptive Security Appliance Software	=8.4.1.11
Cisco Adaptive Security Appliance Software	=8.4.2
Cisco Adaptive Security Appliance Software	=8.4.2.1
Cisco Adaptive Security Appliance Software	=8.4.2.8
Cisco Adaptive Security Appliance Software	=8.4.3
Cisco Adaptive Security Appliance Software	=8.4.3.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0677?
CVE-2015-0677 has a medium severity rating, which indicates a moderate potential impact on affected systems.
How do I fix CVE-2015-0677?
To fix CVE-2015-0677, upgrade your Cisco Adaptive Security Appliance to a version that addresses the vulnerability, such as one of the patched versions listed by Cisco.
What systems are affected by CVE-2015-0677?
CVE-2015-0677 affects various versions of Cisco Adaptive Security Appliance Software prior to the patched versions mentioned in Cisco's advisory.
What types of attacks are possible due to CVE-2015-0677?
Exploitation of CVE-2015-0677 could allow remote attackers to execute arbitrary code on vulnerable Cisco devices via certain VPN configurations.
Are there any workarounds for CVE-2015-0677?
While Cisco recommends upgrading to a fixed version, temporarily disabling affected VPN services may help mitigate the risk associated with CVE-2015-0677.

agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/cisco
canonical/cisco adaptive security appliance
version/cisco adaptive security appliance/8.4.1
version/cisco adaptive security appliance/8.4.1.3
version/cisco adaptive security appliance/8.4.1.11
version/cisco adaptive security appliance/8.4.2
version/cisco adaptive security appliance/8.4.2.1
version/cisco adaptive security appliance/8.4.2.8
version/cisco adaptive security appliance/8.4.3
version/cisco adaptive security appliance/8.4.3.8
canonical/cisco adaptive security appliance software
version/cisco adaptive security appliance software/8.4.3.9
version/cisco adaptive security appliance software/8.4.4
version/cisco adaptive security appliance software/8.4.4.1
version/cisco adaptive security appliance software/8.4.4.3
version/cisco adaptive security appliance software/8.4.4.5
version/cisco adaptive security appliance software/8.4.4.9
version/cisco adaptive security appliance software/8.4.5
version/cisco adaptive security appliance software/8.4.5.6
version/cisco adaptive security appliance software/8.4.6
version/cisco adaptive security appliance software/8.4.7
version/cisco adaptive security appliance software/8.4.7.3
version/cisco adaptive security appliance software/8.4.7.15
version/cisco adaptive security appliance software/8.4.7.22
version/cisco adaptive security appliance software/8.4.7.23
version/cisco adaptive security appliance software/8.4.7.26
version/cisco adaptive security appliance software/8.6.1
version/cisco adaptive security appliance software/8.6.1.1
version/cisco adaptive security appliance software/8.6.1.2
version/cisco adaptive security appliance software/8.6.1.5
version/cisco adaptive security appliance software/8.6.1.10
version/cisco adaptive security appliance software/8.6.1.12
version/cisco adaptive security appliance software/8.6.1.13
version/cisco adaptive security appliance software/8.6.1.14
version/cisco adaptive security appliance software/9.0.1
version/cisco adaptive security appliance software/9.0.2
version/cisco adaptive security appliance software/9.0.2.10
version/cisco adaptive security appliance software/9.0.3
version/cisco adaptive security appliance software/9.0.3.6
version/cisco adaptive security appliance software/9.0.3.8
version/cisco adaptive security appliance software/9.0.4
version/cisco adaptive security appliance software/9.0.4.1
version/cisco adaptive security appliance software/9.0.4.5
version/cisco adaptive security appliance software/9.0.4.7
version/cisco adaptive security appliance software/9.0.4.17
version/cisco adaptive security appliance software/9.0.4.20
version/cisco adaptive security appliance software/9.0.4.24
version/cisco adaptive security appliance software/9.0.4.26
version/cisco adaptive security appliance software/9.0.4.29
version/cisco adaptive security appliance software/9.1.1
version/cisco adaptive security appliance software/9.1.1.4
version/cisco adaptive security appliance software/9.1.2
version/cisco adaptive security appliance software/9.1.2.8
version/cisco adaptive security appliance software/9.1.3
version/cisco adaptive security appliance software/9.1.3.2
version/cisco adaptive security appliance software/9.1.4
version/cisco adaptive security appliance software/9.1.4.5
version/cisco adaptive security appliance software/9.1.5
version/cisco adaptive security appliance software/9.1.5.10
version/cisco adaptive security appliance software/9.1.5.12
version/cisco adaptive security appliance software/9.1.5.15
version/cisco adaptive security appliance software/9.1.5.21
version/cisco adaptive security appliance software/9.2.1
version/cisco adaptive security appliance software/9.2.2
version/cisco adaptive security appliance software/9.2.2.4
version/cisco adaptive security appliance software/9.2.2.7
version/cisco adaptive security appliance software/9.2.2.8
version/cisco adaptive security appliance software/9.2.3
version/cisco adaptive security appliance software/9.2.3.3
version/cisco adaptive security appliance software/9.3.1
version/cisco adaptive security appliance software/9.3.1.1
version/cisco adaptive security appliance software/9.3.2
version/cisco adaptive security appliance software/9.3.2.2
version/cisco adaptive security appliance software/8.4.1
version/cisco adaptive security appliance software/8.4.1.3
version/cisco adaptive security appliance software/8.4.1.11
version/cisco adaptive security appliance software/8.4.2
version/cisco adaptive security appliance software/8.4.2.1
version/cisco adaptive security appliance software/8.4.2.8
version/cisco adaptive security appliance software/8.4.3
version/cisco adaptive security appliance software/8.4.3.8

CVE-2015-0677: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0677?

How do I fix CVE-2015-0677?

What systems are affected by CVE-2015-0677?

What types of attacks are possible due to CVE-2015-0677?

Are there any workarounds for CVE-2015-0677?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-0677?

How do I fix CVE-2015-0677?

What systems are affected by CVE-2015-0677?

What types of attacks are possible due to CVE-2015-0677?

Are there any workarounds for CVE-2015-0677?