Vulnerability Description
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance Software | <= 9.3\(2\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407Broken LinkVendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36542Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407Broken LinkVendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36542Vendor Advisory
FAQ
What is CVE-2014-3407?
CVE-2014-3407 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers t...
How severe is CVE-2014-3407?
CVE-2014-3407 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3407?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software.