EUVD-2014-0769

Malware in sbrugna...

June 18, 2019—KB4501371 (OS Build 17763.592)

June 18, 2019—KB4501371 OS Build 17763.592 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you g...

Cisco ASA libsrtp DoS (CSCux00686)

The remote Cisco Adaptive Security Appliance ASA is missing vendor-supplied security patches, and it is configured to use the Phone Proxy feature. It is, therefore, affected by an integer underflow condition in the Secure Real-Time Transport Protocol SRTP library due to improper validation of...

CVE-2014-0738

The Phone Proxy component in Cisco Adaptive Security Appliance ASA Software 9.1.3 and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List CTL file, aka Bug ID CSCuj66770...

Race condition

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance ASA Software 9.1.3 and earlier allows remote attackers to bypass secdb authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj6676...

Authentication flaw

The Phone Proxy component in Cisco Adaptive Security Appliance ASA Software 9.1.3 and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List CTL file, aka Bug ID CSCuj66770...

CVE-2014-0738

The CVE-2014-0738 issue affects Cisco ASA with the Phone Proxy component, where an unauthenticated, remote attacker can bypass authentication and alter trust by injecting a Certificate Trust List (CTL). Affected software is ASA 9.1(.3) and earlier. The vulnerability stems from CTL file authentica...

CVE-2014-0739

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance ASA Software 9.1.3 and earlier allows remote attackers to bypass secdb authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj6676...

CVE-2014-0738

The Phone Proxy component in Cisco Adaptive Security Appliance ASA Software 9.1.3 and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List CTL file, aka Bug ID CSCuj66770...

Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability

A vulnerability in the TFTP request function of the Phone Proxy feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to pass traffic from an untrusted phone through the ASA. The vulnerability is due to a limitation in processing the TFTP request for...

Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability

A vulnerability in the Phone Proxy function of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to modify the trust of the Certificate Trust List CTL of a remote IP phone. The vulnerability is due to insufficient authentication of the CTL file. An attacker...

PT-2014-3802 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 9.1.3 and earlier Description: The issue allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List CTL file. This could enable...

PT-2014-3803 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software version 9.1.3 and earlier Description: A race condition in the Phone Proxy component allows remote attackers to bypass sec db authentication and provide certain pass-through services to untrusted...

Cisco Adaptive Security Appliance Phone Proxy Database Entry Manipulation Vulnerability

A vulnerability in the phone proxy feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to temporarily insert an invalid entry in the phone proxy connection database. The vulnerability is due to the acceptance of an untrusted certificate. An attacke...

PT-2013-6071 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 9.0.3.6 and earlier Description: The phone-proxy implementation in Cisco Adaptive Security Appliance ASA Software does not properly validate X.509 certificates, allowing remote attackers...

Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20110223-asa)

The remote Cisco ASA device is missing a security patch and may be affected by the following issues : - When configured for transparent firewall mode, a packet buffer exhaustion vulnerability could cause the appliance to stop forwarding traffic. CVE-2011-0393 - When SCCP inspection is enabled, a...

Code injection

Cisco Adaptive Security Appliances ASA 5500 series devices with software 8.0 before 8.05.20, 8.1 before 8.12.48, 8.2 before 8.23, and 8.3 before 8.32.1, when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service device reload...

CVE-2011-0395

Cisco Adaptive Security Appliances ASA 5500 series devices with software 8.0 before 8.05.20, 8.1 before 8.12.48, 8.2 before 8.23, and 8.3 before 8.32.1, when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service device reload...

CVE-2011-0395

Cisco ASA 5500 Series devices are affected by CVE-2011-0395 when RIP is enabled together with the Cisco Phone Proxy feature. The issue allows remote attackers to trigger a denial of service (device reload) via crafted RIP updates. Affected software versions include 8.0 before 8.0(5.20), 8.1 befor...

PT-2011-2317 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.0 through 8.05.19 Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.1 through 8.12.47 Cisco Adaptive Security Appliances ASA 5500 series devices version...