Total
96 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-3458 | 1 Cisco | 10 Adaptive Security Appliance, Firepower 1010, Firepower 1120 and 7 more | 2020-10-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots. | |||||
CVE-2020-3555 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2020-10-27 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit this vulnerability by sending a high rate of crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a watchdog timeout and crash, resulting in a crash and reload of the affected device. | |||||
CVE-2020-3554 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2020-10-27 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device. | |||||
CVE-2020-3436 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2020-10-26 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition. | |||||
CVE-2019-12676 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2020-10-08 | 3.3 LOW | 7.4 HIGH |
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. | |||||
CVE-2019-12693 | 1 Cisco | 11 Adaptive Security Appliance, Asa 5505, Asa 5510 and 8 more | 2020-10-08 | 4.0 MEDIUM | 4.9 MEDIUM |
A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the use of an incorrect data type for a length variable. An attacker could exploit this vulnerability by initiating the transfer of a large file to an affected device via SCP. To exploit this vulnerability, the attacker would need to have valid privilege level 15 credentials on the affected device. A successful exploit could allow the attacker to cause the length variable to roll over, which could cause the affected device to crash. | |||||
CVE-2019-12698 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2020-10-08 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device. | |||||
CVE-2020-3334 | 1 Cisco | 6 Adaptive Security Appliance, Firepower 2110, Firepower 2120 and 3 more | 2020-05-15 | 6.1 MEDIUM | 7.4 HIGH |
A vulnerability in the ARP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of ARP packets received by the management interface of an affected device. An attacker could exploit this vulnerability by sending a series of unicast ARP packets in a short timeframe that would reach the management interface of an affected device. A successful exploit could allow the attacker to consume resources on an affected device, which would prevent the device from sending internal system keepalives and eventually cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
CVE-2020-3305 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2020-05-14 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP packets. An attacker could exploit this vulnerability by sending a crafted BGP packet. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
CVE-2020-3306 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2020-05-14 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
CVE-2020-3125 | 1 Cisco | 25 Adaptive Security Appliance, Asa 5505, Asa 5505 Firmware and 22 more | 2020-05-13 | 6.8 MEDIUM | 9.8 CRITICAL |
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access. The vulnerability is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploit this vulnerability by spoofing the KDC server response to the ASA device. This malicious response would not have been authenticated by the KDC. A successful attack could allow an attacker to bypass Kerberos authentication. | |||||
CVE-2020-3196 | 1 Cisco | 26 Adaptive Security Appliance, Asa 5505, Asa 5505 Firmware and 23 more | 2020-05-13 | 5.0 MEDIUM | 8.6 HIGH |
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device. | |||||
CVE-2020-3254 | 1 Cisco | 26 Adaptive Security Appliance, Asa 5505, Asa 5505 Firmware and 23 more | 2020-05-12 | 7.8 HIGH | 7.5 HIGH |
Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device. | |||||
CVE-2020-3303 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2020-05-12 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
CVE-2020-3298 | 1 Cisco | 10 Adaptive Security Appliance, Asa 5506-x, Asa 5506h-x and 7 more | 2020-05-12 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory protection mechanisms while processing certain OSPF packets. An attacker could exploit this vulnerability by sending a series of malformed OSPF packets in a short period of time to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. | |||||
CVE-2019-12695 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2019-10-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
CVE-2019-12678 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash. | |||||
CVE-2019-12673 | 1 Cisco | 12 Adaptive Security Appliance, Asa 5505, Asa 5510 and 9 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
CVE-2017-12265 | 1 Cisco | 1 Adaptive Security Appliance | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka HREF XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. The vulnerability exists in the Cisco Adaptive Security Appliance (ASA) Software when the WEBVPN feature is enabled. Cisco Bug IDs: CSCve91068. | |||||
CVE-2017-3867 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8). |