CVE-2013-3415

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737.

Cisco Adaptive Security Appliance (ASA) Software 8.4.x anteriores a 8.4(3) y 8.6.x aanteriores 8.6(1.3) no maneja apropiadamente la memorua hasta la desconexión de un cliente VPN AnyConnect SSL, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria, y corte de redirección o cuelgue de sistema) a través de paquetes a la dirección IP de la máquina desconectada, tambien conocido como Bug ID CSCtt36737.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-05-06 CVE Reserved
2013-10-13 CVE Published
2024-08-06 CVE Updated
2024-09-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa	2023-08-15
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3415	2023-08-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.4 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.4"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.4\(1\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.4\(1\)"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.4\(1.11\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.4\(1.11\)"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.4\(2\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.4\(2\)"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.4\(2.11\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.4\(2.11\)"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.6 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.6"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.6\(1\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.6\(1\)"		-		Affected
Cisco Search vendor "Cisco"		Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software"				8.6\(1.10\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "8.6\(1.10\)"		-		Affected