Vulnerability Name:

CVE-2008-2057 (CCN-42837)

Assigned:2008-06-04
Published:2008-06-04
Updated:2018-10-30
Summary:The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-2057

Source: CCN
Type: SA30552
Cisco ASA and PIX Security Appliances Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30552

Source: CCN
Type: SECTRACK ID: 1020180
Cisco PIX Firewall Bug in IM Inspection Engine Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1020180

Source: CCN
Type: SECTRACK ID: 1020181
Cisco ASA Bug in IM Inspection Engine Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1020181

Source: CISCO
Type: Patch
20080604 Multiple Vulnerabilities in Cisco PIX and Cisco ASA

Source: CCN
Type: cisco-sa-20080604-asa
Multiple Vulnerabilities in Cisco PIX and Cisco ASA

Source: CCN
Type: OSVDB ID: 46026
Cisco PIX / ASA Instant Messenger (IM) Inspection Engine Crafted Packet Remote DoS

Source: VUPEN
Type: UNKNOWN
ADV-2008-1750

Source: XF
Type: UNKNOWN
cisco-asa-pix-im-dos(42837)

Source: XF
Type: UNKNOWN
cisco-asa-pix-im-dos(42837)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:adaptive_security_appliance_software:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:pix_security_appliance:7.2:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:pix_security_appliance:8.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:cisco:adaptive_security_appliance:8.1:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:pix_security_appliance:7.1:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:pix_security_appliance:7.2:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:pix_security_appliance:8.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco adaptive security appliance software 7.2.2
    cisco adaptive security appliance software 8.0
    cisco pix security appliance 7.2
    cisco pix security appliance 8.0
    cisco adaptive security appliance 8.1
    cisco pix security appliance 7.1
    cisco pix security appliance 7.2
    cisco pix security appliance 8.0