VDB
CVE-2015-0677
CVE-2015-0677
PUBLISHED
CVSS 7.800000190734863 HIGH
The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.
EPSS 1.05% · 77.9th percentile
Risk Scores
CVSS 2.0
7.800000190734863
EPSS Score
1.05%
77.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | adaptive_security_appliance_software | 8.4.6, 8.4.1, 8.4.1.3 |
| n/a | n/a | n/a |
Exploit Intelligence
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (vulnetix)
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (vulnetix)
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (community-snort)
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (community-snort)
- 1032045 (circl)
- 20150408 Multiple Vulnerabilities in Cisco ASA Software (circl)
Timeline
- CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- 1032045 vdb
- 20150408 Multiple Vulnerabilities in Cisco ASA Software vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-0677 advisory