CVE-2014-3407

Published: Nov 28, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

Affected (1)

Products: Cisco: Adaptive Security Appliance Software

1 product

Adaptive Security Appliance Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Adaptive Security Appliance Software	Up to 9.3\(2\)

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407

Source: psirt@cisco.com

Broken LinkVendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=36542

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3407

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=36542

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.