Lucene search

K

Cisco FirePOWER Services Software For ASA Security Vulnerabilities

cve
cve

CVE-2024-20355

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...

5CVSS

6.8AI Score

0.0004EPSS

2024-05-22 05:16 PM
35
cve
cve

CVE-2022-20928

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due....

5.8CVSS

5.8AI Score

0.001EPSS

2022-11-15 09:15 PM
42
5
cve
cve

CVE-2022-20927

A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory....

7.7CVSS

6.4AI Score

0.001EPSS

2022-11-15 09:15 PM
69
5
cve
cve

CVE-2022-20918

A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow....

7.5CVSS

7.5AI Score

0.002EPSS

2022-11-15 09:15 PM
62
5
cve
cve

CVE-2022-20828

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This...

7.2CVSS

7.5AI Score

0.137EPSS

2022-06-24 04:15 PM
74
6
cve
cve

CVE-2022-20745

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due....

8.6CVSS

7.6AI Score

0.001EPSS

2022-05-03 04:15 AM
94
2
cve
cve

CVE-2022-20759

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability...

8.8CVSS

8.8AI Score

0.001EPSS

2022-05-03 04:15 AM
221
3
cve
cve

CVE-2021-1493

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary...

8.5CVSS

7.2AI Score

0.001EPSS

2021-04-29 06:15 PM
38
8
cve
cve

CVE-2020-3583

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of....

6.1CVSS

5.9AI Score

0.002EPSS

2020-10-21 07:15 PM
65
cve
cve

CVE-2020-3581

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of....

6.1CVSS

5.9AI Score

0.002EPSS

2020-10-21 07:15 PM
53
cve
cve

CVE-2020-3582

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of....

6.1CVSS

5.9AI Score

0.002EPSS

2020-10-21 07:15 PM
65
cve
cve

CVE-2020-3580

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of....

6.1CVSS

6.2AI Score

0.971EPSS

2020-10-21 07:15 PM
1008
In Wild
75
cve
cve

CVE-2020-3259

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential.....

7.5CVSS

7.7AI Score

0.027EPSS

2020-05-06 05:15 PM
138
In Wild
cve
cve

CVE-2020-3196

A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading....

8.6CVSS

8.4AI Score

0.002EPSS

2020-05-06 05:15 PM
25
cve
cve

CVE-2019-1980

A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

5.3CVSS

5.4AI Score

0.001EPSS

2019-11-05 08:15 PM
23
cve
cve

CVE-2019-1981

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

5.8CVSS

5.7AI Score

0.001EPSS

2019-11-05 08:15 PM
27
cve
cve

CVE-2019-1978

A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

5.8CVSS

5.7AI Score

0.01EPSS

2019-11-05 08:15 PM
46
4
cve
cve

CVE-2019-1982

A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to....

5.3CVSS

5.3AI Score

0.001EPSS

2019-11-05 08:15 PM
24
cve
cve

CVE-2018-0296

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA...

7.5CVSS

7.8AI Score

0.974EPSS

2018-06-07 12:29 PM
1045
In Wild
9
cve
cve

CVE-2018-0233

A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a...

8.6CVSS

8.3AI Score

0.001EPSS

2018-04-19 08:29 PM
21
cve
cve

CVE-2018-0227

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification...

7.5CVSS

8.1AI Score

0.001EPSS

2018-04-19 08:29 PM
33
2
cve
cve

CVE-2018-0240

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of...

8.6CVSS

8.5AI Score

0.002EPSS

2018-04-19 08:29 PM
47
3
cve
cve

CVE-2018-0228

A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is...

8.6CVSS

8.5AI Score

0.004EPSS

2018-04-19 08:29 PM
60
cve
cve

CVE-2018-0229

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow.....

6.5CVSS

7.3AI Score

0.002EPSS

2018-04-19 08:29 PM
58
cve
cve

CVE-2018-0231

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS)...

8.6CVSS

8.6AI Score

0.003EPSS

2018-04-19 08:29 PM
59
cve
cve

CVE-2018-0101

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a.....

10CVSS

9.6AI Score

0.942EPSS

2018-01-29 08:29 PM
274
4
cve
cve

CVE-2017-12244

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is...

8.6CVSS

8.5AI Score

0.001EPSS

2017-10-05 07:29 AM
38
cve
cve

CVE-2017-12246

A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is.....

8.6CVSS

8.5AI Score

0.002EPSS

2017-10-05 07:29 AM
31
cve
cve

CVE-2017-6608

A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could...

8.6CVSS

8.6AI Score

0.003EPSS

2017-04-20 10:59 PM
24
cve
cve

CVE-2016-6368

A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability....

8.6CVSS

8.4AI Score

0.004EPSS

2017-04-20 10:59 PM
21
cve
cve

CVE-2017-6607

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker.....

8.7CVSS

8.7AI Score

0.005EPSS

2017-04-20 10:59 PM
29
2
cve
cve

CVE-2017-6610

A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1...

7.7CVSS

7.5AI Score

0.002EPSS

2017-04-20 10:59 PM
28
cve
cve

CVE-2017-6609

A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets...

7.7CVSS

7.6AI Score

0.002EPSS

2017-04-20 10:59 PM
26
cve
cve

CVE-2016-9209

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER...

4.3CVSS

4.7AI Score

0.001EPSS

2016-12-14 12:59 AM
16