29 matches found
Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability
A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service DoS condition. The...
Cisco ASA and FWSM Security Advisories
Overview On October 9, 2013, Cisco released two security advisorieshttp://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance ASA...
CVE-2017-3807
A vulnerability in Common Internet Filesystem CIFS code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An...
Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
A vulnerability in Common Internet Filesystem CIFS code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this...
PT-2017-2272 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco ASA Software versions 9.0 through 9.6 Description: The issue is caused by insufficient validation of user-supplied input and a heap overflow in the Common Internet Filesystem CIFS code of the Clientless SSL VPN functionality. This could...
Hackers Backdooring Cisco WebVPN To Steal Customers’ Passwords
Virtual Private Networks VPNs, which is widely used by many businesses and organisations to provide secure access to their workers, are being abused to pilfer corporate user credentials. Researchers from security firm Volexity discovered a new attack campaign that targets a widely used VPN produc...
CVE-2014-3393
The CVE-2014-3393 issue affects Cisco ASA Software’s Clientless SSL VPN Portal Customization framework. The vulnerability arises from improper authentication checks in the portal customization framework, allowing an unauthenticated, remote attacker to modify RAMFS customization objects and potent...
Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20141008-asa)
The remote Cisco ASA device is affected by one or more of the following vulnerabilities : - A flaw exists in the SQLNET Inspection Engine due to improper handling of SQL REDIRECT packets. An attacker can exploit this vulnerability by sending a crafted sequence of REDIRECT packets through the...
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting XSS, and other types of...