Advisory ID: cisco-sa-20160517-asa-vpn Severity: Medium First Published: 2016 May 17 14:00 GMT CVE ID: CVE-2016-1379 CVSS Score: Base 6.3, Temporal 5.2 Summary: - The vulnerability in Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated remote attacker to cause a memory block depletion. - The vulnerability is due to an error in ICMP error handling implementation. - Successful exploitation could result in a DoS condition. - No workarounds are available. Affected Products: - Cisco ASA Software releases 9.0 and later are affected. - Clientless VPN or AnyConnect SSL VPN is not affected. Fixed Software: - Customers should upgrade to appropriate releases indicated in the advisory. Exploitation and Public Announcements: - No public announcements or malicious use reported by PSIRT.