145 matches found

Prion
added 2020/10/21 7:15 p.m. · 16 views

Crlf injection

A vulnerability in the Clientless SSL VPN WebVPN of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to...

CVSS 4.3 · AI score 5.1 · EPSS 0.01264
Exploits 0 · References 1 · Affected Software 3

Hacker One
added 2020/08/16 11:32 p.m. · 456 views

U.S. Dept Of Defense: Read-only path traversal (CVE-2020-3452) at https://█████

Summary: I discovered a vulnerability Read-only path traversal CVE-2020-3452 at https://███████ Description: A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote...

CVSS 5 · AI score 1 · EPSS 0.99992
Exploits 24

Hacker One
added 2020/08/15 2:8 a.m. · 250 views

U.S. Dept Of Defense: ███ is vulnerable to CVE-2020-3452 Read-Only Path Traversal Vulnerability

Summary: ████████ is vulnerable to Read-Only Path Traversal Vulnerability as described at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Description: Get request parameters at the /+CSCOT+/translation-table and the /+CSCOT+/oem-customization...

CVSS 5 · AI score 0.6 · EPSS 0.99992
Exploits 24

Tenable Nessus
added 2020/07/02 12:0 a.m. · 26 views

Palo Alto Networks PAN-OS 7.1.x < 7.1.26 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.26 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability. - A cross-site scripting XSS vulnerability exists when visiting malicious websites...

CVSS 7.1 · AI score 6.3 · EPSS 0.00834
Exploits 0 · References 3

OSV
added 2020/06/29 6:15 p.m. · 2 views

CVE-2020-15069

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x...

CVSS 9.8 · AI score 7.9 · EPSS 0.10674
Exploits 0 · References 2

Cvelist
added 2020/06/29 5:30 p.m. · 21 views

CVE-2020-15069

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x...

AI score 9.9 · EPSS 0.10674
Exploits 0 · References 1

CNVD
added 2020/05/14 12:0 a.m. · 3 views

Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability (CNVD-2020-32243)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A cross-site scripting vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to hijack a user's active session when the user accesses a malicious websit...

CVSS 7.1 · AI score 6.2 · EPSS 0.00834
Exploits 0 · References 1

OSV
added 2020/05/13 7:15 p.m. · 2 views

CVE-2020-2005

A cross-site scripting XSS vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0...

CVSS 6.1 · AI score 5.7 · EPSS 0.00834
Exploits 0 · References 1

CVE
added 2020/05/13 7:7 p.m. · 55 views

CVE-2020-2005

CVE-2020-2005 affects Palo Alto Networks PAN-OS GlobalProtect Clientless VPN, with an XSS vulnerability that can compromise a user’s active session when visiting malicious sites. Affected: PAN-OS 7.1.x (<7.1.26), 8.0.x (<8.1.13), 8.1.x (<8.1.13), and 9.0.x (

CVSS 7.1 · AI score 6.1 · EPSS 0.00834
Exploits 0 · References 1 · Affected Software 1

The Hacker News
added 2020/04/30 10:59 a.m. · 41 views

Cato SDP: Cloud-Scale and Global Remote Access Solution Review

The Scouts acknowledged the necessity to "Be Prepared" over 100 years ago; the industry should have, as well. Yet COVID-19 took businesses – more like the entire world – by surprise. Very few were prepared for the explosion of remote access, and the challenge of instantly shifting an entire...

AI score 7.2
Exploits 0

CNVD
added 2019/11/20 12:0 a.m. · 2 views

Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software Cross-Site Scripting Vulnerability

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco, Inc. Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...

CVSS 6.1 · AI score 6.5 · EPSS 0.01057
Exploits 0 · References 1

Tenable Nessus
added 2019/08/22 12:0 a.m. · 28 views

Cisco Adaptive Security Appliance VPN SAML Authentication Bypass Vulnerability (cisco-sa-20190501-asaftd-saml-vpn)

According to its self-reported version the Cisco Adaptive Security Appliance ASA software running on the remote device is affected by an authentication bypass vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 Single Sign-On SSO for Clientless SSL VPN WebVPN and...

CVSS 8.6 · AI score 6.8 · EPSS 0.01977
Exploits 0 · References 3

Tenable Nessus
added 2019/08/14 12:0 a.m. · 32 views

Cisco Adaptive Security Appliance Software DoS (cisco-sa-20181003-asa-syslog-dos)

According to its self-reported version, the TCP syslog module of Cisco Adaptive Security Appliance ASA Software and allows an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service DoS condition. The vulnerability is due to a...

CVSS 7.1 · AI score 7 · EPSS 0.01842
Exploits 0 · References 3

Cisco
added 2018/10/03 4:0 p.m. · 38 views

Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability

A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service DoS condition. The...

CVSS 6.8 · AI score 6.5 · EPSS 0.01842
Exploits 0 · References 1

Positive Technologies
added 2018/10/03 12:0 a.m. · 2 views

PT-2018-3930 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the TCP syslog module could allow an unauthenticated,...

CVSS 7.1 · AI score 6.5 · EPSS 0.01842
Exploits 0 · References 5

ICS
added 2018/09/05 12:0 p.m. · 16 views

Cisco ASA and FWSM Security Advisories

Overview On October 9, 2013, Cisco released two security advisories http://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance ASA...

AI score 8.1
Exploits 0 · References 17

CNVD
added 2018/04/19 12:0 a.m. · 3 views

Cisco ASA Cross-Site Scripting Vulnerability

Cisco 3000 Series Industrial Security Appliances etc. are different series of security appliances from Cisco. Adaptive Security Appliance ASA Software is one of the operating systems. Clientless Secure Sockets Layer SSL VPN is one of the SSL Secure Sockets Layer VPN applications. A cross-site...

CVSS 6.1 · AI score 6.8 · EPSS 0.0189
Exploits 0 · References 1

Positive Technologies
added 2018/04/18 12:0 a.m. · 3 views

PT-2018-3939 · Cisco · Asa 5500-X Series Next-Generation Firewalls +6

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified 3000 Series Industrial Security Appliances affected versions not specified Adaptive Security Virtual Appliance ASAv affected versions not specified ASA 5500 Series...

CVSS 6.4 · AI score 6.1 · EPSS 0.0189
Exploits 0 · References 8

OSV
added 2017/02/09 5:59 p.m. · 2 views

CVE-2017-3807

A vulnerability in Common Internet Filesystem CIFS code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An...

CVSS 8.8 · AI score 6.1 · EPSS 0.1476
Exploits 1 · References 4

Cisco
added 2017/02/08 4:0 p.m. · 27 views

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem CIFS code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this...

CVSS 8.8 · AI score 8.7 · EPSS 0.1476
Exploits 1 · References 1