CVE-2013-6707

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software version 9.1.3 and earlier

Description A memory leak in the connection-manager implementation allows remote attackers to cause a denial of service, resulting in a multi-protocol management outage. This can be achieved by making multiple management session requests via protocols such as SSH, Telnet, HTTP, and HTTPS, causing the system to become unresponsive to management session requests.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software version 9.1.3 and earlier, consider restricting access to management session requests until a fix is available. As a temporary workaround, limit the number of concurrent management sessions to minimize the risk of exploitation. Avoid using the affected connection-manager implementation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.