CVE-2015-4321
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724.
Vulnerabilidad en la implementación Unicast Reverse Path Forwarding (uRPF) en Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3) y 9.4(1), no maneja correctamente casos en los que una dirección IP pertenece a una interfaz interna pero también está en la tabla ASA de enrutamiento, lo que permite a atacantes remotos eludir la validación uRPF a través de paquetes suplantados, también conocida como Bug ID CSCuv60724.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-04 CVE Reserved
- 2015-08-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1033265 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=40440 | 2023-08-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | 9.3\(1.50\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.3\(1.50\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | 9.3\(2.100\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.3\(2.100\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | 9.3\(3\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.3\(3\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | 9.4\(1\) Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.4\(1\)" | - |
Affected
| ||||||