This script is Copyright (C) 2016 Tenable Network Security, Inc.
The web application running on the remote web server is affected by a
denial of service vulnerability.
The version of Cisco Security Manager running on the remote web server
is 4.9.x prior to 4.9(0.397) or 4.10.x prior to 4.10(0.189). It is,
therefore, affected by a NULL pointer dereference flaw in file
rsa_ameth.c due to improper handling of ASN.1 signatures that are
missing the PSS parameter. A remote attacker can exploit this to cause
the signature verification routine to crash, resulting in a denial of
See also :
Upgrade to Cisco Security Manager version 4.9(0.397) / 4.10(0.189) or
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false