NVD

Id
21205  
Name
CVE-2016-6431  
Description
A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode.  
Reject
 
CVSS Version
2  
CVSS Score
7.1  
Severity
High  
CVSS Base Score
7.1  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:N/A:C)  
Pub Date
2017-01-19  
Published
2016-10-27  
Modified Date
2016-12-22  
Seq
2016-6431  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
115235 21205 CVE-2016-6431 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca  View
115236 21205 CVE-2016-6431 93786  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
4881 JVNDB-2016-005654 Cisco ASA ソフトウェアのローカル認証局機能におけるサービス運用妨害 (DoS) の脆弱性 Cisco ASA ソフトウェアのローカル認証局 (CA) 機能には、サービス運用妨害 (システムのリロード) 状態にされる脆弱性が存在します。 CVE-2016-6431 92938 CVE-2016-6431 21205 7.1 7.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-005654.html 2016-10-19 2016-11-01 View