CVE-2015-0677

high

Published 2015-04-13 · Modified 2026-05-06

CVSS v3

—

CVSS v2

7.8

VIR risk

7.8

Description

The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa
http://www.securitytracker.com/id/1032045
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa
http://www.securitytracker.com/id/1032045

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.