{"containers": {"cna": {"affected": [{"product": "all versions of the ASA CX Context-Aware Security module", "vendor": "n/a", "versions": [{"status": "affected", "version": "all versions of the ASA CX Context-Aware Security module"}]}], "datePublic": "2017-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-02-10T21:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "95788", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95788"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas"}, {"name": "1037696", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037696"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-9225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "all versions of the ASA CX Context-Aware Security module", "version": {"version_data": [{"version_value": "all versions of the ASA CX Context-Aware Security module"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "95788", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95788"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas"}, {"name": "1037696", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037696"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:11.088Z"}, "title": "CVE Program Container", "references": [{"name": "95788", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95788"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas"}, {"name": "1037696", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037696"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-9225", "datePublished": "2017-02-01T19:00:00", "dateReserved": "2016-11-06T00:00:00", "dateUpdated": "2024-08-06T02:42:11.088Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC9743A-641F-4F0A-97FC-5DF8B0333222", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*", "matchCriteriaId": "F7F990CF-B6DD-4EE3-B45D-CE4B1110A6DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A81A0E90-9200-436C-81BC-FA4BF745EEDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*", "matchCriteriaId": "13B6FFEA-4F46-4D20-9821-FE32B57F6145", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "8068EA1D-6AD6-4BF3-AA1F-C8AD0BC8F298", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*", "matchCriteriaId": "6A4AE8C1-9BD1-491A-9835-D95F4D90F496", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*", "matchCriteriaId": "A0710827-10AD-4DE9-BB0F-B4D072DDC8DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*", "matchCriteriaId": "96F09A7A-9A3D-4D73-912A-2B01CEABEFBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*", "matchCriteriaId": "0AA36AEA-6516-41DD-90D3-0504A4CB5231", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*", "matchCriteriaId": "68C47683-C68B-4B84-80F6-FDFF9156991C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*", "matchCriteriaId": "AEFA5ADA-E573-447B-AFD9-E37682B57BD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.2-1:*:*:*:*:*:*:*", "matchCriteriaId": "E5E0F299-9B0A-46A2-83A2-EEB3E6D2B828", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3\\(1.1.112\\):*:*:*:*:*:*:*", "matchCriteriaId": "1EA695E3-7E4E-4ECA-8BF6-4B2024DA15D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.1-1:*:*:*:*:*:*:*", "matchCriteriaId": "BBAD7032-2FD8-4FAE-8A77-0488EE8ECAF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.2-1:*:*:*:*:*:*:*", "matchCriteriaId": "C5E3D601-FE3F-433A-84BD-6F070000BAE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.3.1-13:*:*:*:*:*:*:*", "matchCriteriaId": "90ADCF2B-BD2C-48D3-9507-B0C82D6FDADA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-1:*:*:*:*:*:*:*", "matchCriteriaId": "63B17493-3AD5-4699-A2D3-9F3B4BB3631C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-2:*:*:*:*:*:*:*", "matchCriteriaId": "58C171D9-0EFF-43DC-AF02-D3B8A2DFACF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-3:*:*:*:*:*:*:*", "matchCriteriaId": "055252B1-ABEA-4894-A84C-F9D75416346D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-4:*:*:*:*:*:*:*", "matchCriteriaId": "9576E0A1-2184-4136-B161-D168FB7790A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-5:*:*:*:*:*:*:*", "matchCriteriaId": "A11720CA-D957-4F51-9388-3BE795E5D1C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-6:*:*:*:*:*:*:*", "matchCriteriaId": "1A8EB3C3-7B09-4413-857A-0092FE1EB182", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "AEE236E6-BA43-47CD-BCE0-7BEFE9662B20", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3_base:*:*:*:*:*:*:*", "matchCriteriaId": "4D9B6425-12DD-44F4-9708-7D7529CB1DE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946."}, {"lang": "es", "value": "Una vulnerabilidad en el manejador de fragmentos de IP de plano de datos del m\u00f3dulo CX Context-Aware Security de Cisco Adaptive Security Appliance (ASA) podr\u00edan permitir a un atacante remoto no autenticado provocar que el m\u00f3dulo CX no pudiera procesar m\u00e1s tr\u00e1fico, resultando en una denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a un manejo inadecuado de fragmentos IP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de tr\u00e1fico IP fragmentado manipulado a trav\u00e9s del m\u00f3dulo CX. Un exploit podr\u00eda permitir al atacante agotar los b\u00fafers de paquetes libres en la SHM, haciendo que el m\u00f3dulo CX no pueda procesar m\u00e1s tr\u00e1fico, resultando en una condici\u00f3n DoS. Esta vulnerabilidad afecta a todas las versiones del m\u00f3dulo ASA CX Context-Aware Security. Cisco no ha lanzado y no lanzar\u00e1 actualizaciones de software que aborden esta vulnerabilidad. No existen soluciones provisionales que aborden esta vulnerabilidad. ID de errores de Cisco: CSCva62946"}], "id": "CVE-2016-9225", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-01T19:59:00.157", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95788"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037696"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037696"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}