CVE-2013-6682

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions 9.0.3.6 and earlier

Description The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software does not properly validate X.509 certificates, allowing remote attackers to cause a denial of service (connection-database corruption) via an invalid entry. This issue could allow an unauthenticated, remote attacker to temporarily insert an invalid entry in the phone proxy connection database.

Recommendations For versions 9.0.3.6 and earlier, update to a version that properly validates X.509 certificates to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.