CVE-2016-1385

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions through 9.5.2

Description The issue concerns the XML parser in the software, allowing remote authenticated users to cause a denial of service, which may result in instability, memory consumption, or device reload. This can be achieved by providing a crafted XML document, either through administrative access or Clientless SSL VPN access.

Recommendations For versions through 9.5.2, consider restricting access to the XML parser functionality until a fix is available. As a temporary workaround, limit administrative and Clientless SSL VPN access to trusted users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.