There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the…
Absolute·CWE-762·Published 2025-06-12
There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack requirements, privileges, or user interaction required. Loss of availability is high; there is no impact on confidentiality or integrity.
There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack requirements, privileges, or user interaction required. Loss of availability is high; there is no impact on confidentiality or integrity.
Existe una vulnerabilidad de gestión de memoria en las versiones 9.0 a 13.54 del servidor Absolute Secure Access. Los atacantes con acceso de red al servidor pueden provocar una denegación de servicio (DPS) mediante el envío de una secuencia de paquetes especialmente manipulada. La complejidad del ataque es baja; no requiere requisitos de ataque, privilegios ni interacción del usuario. La pérdida de disponibilidad es alta; no afecta a la confidencialidad ni a la integridad.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 4.0 | Primary | cve.org | 8.7 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 8.7 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |