Lucene search
K
CiscoAdaptive Security Appliance

63 matches found

CVE
CVE
added 2022/04/21 6:50 p.m.128 views

CVE-2022-20795

The CVE-2022-20795 issue affects Cisco ASA/FTD DTLS handling during AnyConnect SSL VPN, where suboptimal DTLS tunnel processing can be exploited by an unauthenticated remote attacker to cause high CPU utilization and a DoS. Affected software runs DTLS as part of establishing VPN tunnels; payload ...

7.5CVSS6.4AI score0.00666EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.124 views

CVE-2023-20107

Cisco CVE-2023-20107 affects Cisco ASA (5506-X, 5508-X, 5516-X) ASA Software and Cisco FTD Software due to insufficient entropy in the deterministic random bit generator (DRBG/PRNG) used for cryptographic key generation. The root cause is low entropy in DRBG on affected hardware, enabling an unau...

7.5CVSS5.6AI score0.00717EPSS
CVE
CVE
added 2020/10/21 6:35 p.m.108 views

CVE-2020-3529

The CVE-2020-3529 issue affects Cisco ** ASA** and FTD software. It is a vulnerability in the SSL VPN negotiation process caused by inefficient direct memory access (DMA) memory management during SSL VPN negotiation. An unauthenticated, remote attacker could send a steady stream of crafted DTLS t...

8.6CVSS7.9AI score0.01833EPSS
CVE
CVE
added 2020/10/21 6:41 p.m.102 views

CVE-2020-3554

CVE-2020-3554 affects Cisco ASA and FTD TCP packet processing due to a memory exhaustion condition, allowing unauthenticated remote DoS via high-rate crafted TCP traffic. Real-world impact per sources: potential exhaustion of device resources and DoS for transit traffic. Connected advisories conf...

8.6CVSS7.5AI score0.02633EPSS
CVE
CVE
added 2020/10/21 6:35 p.m.101 views

CVE-2020-3528

CVE-2020-3528 describes a DoS vulnerability in the OSPFv2 implementation of Cisco ASA and Firepower Threat Defense (FTD) software. The issue arises from incomplete input validation when processing certain OSPFv2 packets with Link-Local Signaling (LLS) data, which could allow an unauthenticated, r...

8.6CVSS8AI score0.01415EPSS
CVE
CVE
added 2020/10/21 6:40 p.m.97 views

CVE-2020-3572

CVE-2020-3572 is a memory-leak DoS in the SSL/TLS session handler of Cisco ASA and Firepower Threat Defense (FTD) software. The root cause is a memory leak when closing SSL/TLS connections in a specific state; an unauthenticated, remote attacker can exhaust device memory by creating and closing m...

8.6CVSS8.4AI score0.01742EPSS
CVE
CVE
added 2021/10/27 6:56 p.m.97 views

CVE-2021-40117

CVE-2021-40117 affects Cisco ASA and Firepower Threat Defense (FTD) Software. The issue is in the SSL/TLS message handler where incoming packets are not properly processed, allowing an unauthenticated remote attacker to trigger a reload of the device and cause a denial-of-service (DoS). Exploitat...

8.6CVSS7.8AI score0.01482EPSS
CVE
CVE
added 2020/10/21 6:40 p.m.93 views

CVE-2020-3564

CVE-2020-3564 affects Cisco ASA/FTD FTP inspection engine. Root cause: ineffective flow tracking of FTP traffic allows an unauthenticated, remote attacker to bypass FTP inspection and complete FTP connections. Affected products include Cisco ASA Software and Cisco FTD Software. In practice, explo...

5.8CVSS5.3AI score0.01313EPSS
CVE
CVE
added 2022/01/11 6:55 p.m.93 views

CVE-2021-1573

Cisco CVE-2021-1573 affects the web services interface of ASA Software and FTD Software. An unauthenticated remote attacker can trigger a DoS by sending crafted HTTPS requests, due to improper input validation when parsing HTTPS requests, causing the device to reload. Affected products: Cisco ASA...

8.6CVSS7.9AI score0.01307EPSS
CVE
CVE
added 2020/10/21 6:36 p.m.92 views

CVE-2020-3304

CVE-2020-3304 affects Cisco ASA and Firepower Threat Defense (FTD) web interfaces. The issue stems from improper HTTP input validation, allowing an unauthenticated, remote attacker to craft an HTTP request that can trigger a reload of the affected device, causing a DoS. Impact is limited to the w...

8.6CVSS8.4AI score0.0381EPSS
CVE
CVE
added 2020/10/21 6:41 p.m.91 views

CVE-2020-3561

CVE-2020-3561 affects Cisco ASA/FTD WebVPN (Clientless SSL VPN). The issue is a result of improper input sanitization that enables unauthenticated, remote CRLF header injection when a user is lured to click a crafted link, allowing arbitrary HTTP headers to be injected and potential redirection. ...

4.7CVSS4.9AI score0.01264EPSS
CVE
CVE
added 2021/10/27 6:56 p.m.90 views

CVE-2021-40118

CVE-2021-40118 affects Cisco ASA/FTD web services. The vulnerability arises from improper input validation when parsing HTTPS requests, allowing an unauthenticated, remote attacker to trigger a DoS condition by sending a malicious HTTPS request, potentially causing the device to reload. The issue...

8.6CVSS7.9AI score0.01307EPSS
CVE
CVE
added 2021/10/27 6:56 p.m.89 views

CVE-2021-34793

CVE-2021-34793 is a DoS vulnerability in Cisco ASA/FTD software (transparent mode) due to improper handling of certain TCP segments by the TCP Normalizer, allowing an unauthenticated remote attacker to poison MAC address tables and disrupt networks. Affected products include Cisco ASA and Cisco F...

8.6CVSS8.4AI score0.00649EPSS
CVE
CVE
added 2020/10/21 6:36 p.m.88 views

CVE-2020-3436

The CVE-2020-3436 vulnerability affects Cisco ASA/FTD Web Services: an unauthenticated attacker can upload arbitrarily large files to specific folders, triggering a watchdog timeout and an unexpected device reload (DoS) due to inefficient handling of large file writes. Affected products are Cisco...

8.6CVSS8.4AI score0.01895EPSS
CVE
CVE
added 2020/09/23 12:27 a.m.85 views

CVE-2019-15992

CVE-2019-15992 is a remote code execution vulnerability in the Lua interpreter used by Cisco ASA and Cisco FTD software. It arises from insufficient restrictions on Lua function calls in user-supplied scripts, which could allow an authenticated, remote attacker to trigger a heap overflow and exec...

9CVSS7.2AI score0.04122EPSS
CVE
CVE
added 2009/12/04 11:0 a.m.81 views

CVE-2009-2631

CVE-2009-2631 describes a design-level flaw in multiple clientless SSL VPN products (e.g., Stonesoft StoneGate, Cisco ASA, SonicWALL E-Class SSL VPN, Citrix Access Gateway, Juniper Secure Access, Nortel CallPilot, SafeNet SecureWire) where, if configured to access resources from a different domai...

6.8CVSS6.2AI score0.05134EPSS
CVE
CVE
added 2019/10/02 7:6 p.m.81 views

CVE-2019-12678

The CVE-2019-12678 issue affects Cisco ASA/FTD SIP inspection: an unauthenticated remote attacker can send malicious SIP packets to trigger an integer underflow in the SIP parsing module, causing the device to read unmapped memory and crash. Root cause: improper SIP message parsing in the SIP ins...

8.6CVSS7.5AI score0.01824EPSS
CVE
CVE
added 2019/10/02 7:6 p.m.79 views

CVE-2019-12695

CVE-2019-12695 affects Cisco ASA and Cisco Firepower Threat Defense (FTD) WebVPN portals. The issue arises from insufficient validation of user-supplied input in the web-based management interface, enabling an unauthenticated, remote attacker to lure a user into clicking a crafted link and execut...

6.1CVSS6AI score0.01057EPSS
CVE
CVE
added 2019/10/02 7:6 p.m.79 views

CVE-2019-12698

Cisco ASA Software and Cisco FTD WebVPN CPU Denial of Service (CVE-2019-12698) allows unauthenticated remote attackers to trigger high CPU by repeated WebVPN HTTP page requests, causing DoS. Affected ASA/FTD versions are mitigated by Cisco software updates; there are no supported workarounds per ...

7.8CVSS6.1AI score0.01967EPSS
CVE
CVE
added 2009/06/25 5:0 p.m.78 views

CVE-2009-1201

Cisco ASA Web VPN vulnerability CVE-2009-1201 affects ASA with Web VPN (clientless SSL VPN) on versions 8.0(4), 8.1.2, and 8.2.1. The issue lies in the csco_wrap_js function in /+CSCOL+/cte.js, which uses CSCO_WebVPN['process'] to compute html and then evals the result, allowing an attacker-contr...

4.3CVSS6AI score0.08828EPSS
CVE
CVE
added 2021/10/27 6:56 p.m.77 views

CVE-2021-34791

Cisco ASA and Firepower Threat Defense (FTD) software contain multiple ALG/NAT bypass vulnerabilities (NAT Slipstreaming) due to an incorrect implementation of security checks in the ALG/NAT handling, allowing unauthenticated remote actors to bypass the ALG and open unauthorized connections behin...

5.3CVSS5.3AI score0.011EPSS
CVE
CVE
added 2020/05/06 4:42 p.m.73 views

CVE-2020-3306

CVE-2020-3306 affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) DHCP module. The root cause is incorrect processing of certain DHCP packets, which an unauthenticated remote attacker can exploit by sending a crafted DHCP packet to cause an on-device denial of service. Public docu...

7.8CVSS7AI score0.01233EPSS
CVE
CVE
added 2011/02/25 11:0 a.m.72 views

CVE-2011-0396

CVE-2011-0396 affects Cisco ASA 5500 Series devices with ASA software versions 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13). When a Certificate Authority (CA) is configured, remote attackers could read arbitrary files via unspecified vectors. This vuln...

7.8CVSS7AI score0.01401EPSS
CVE
CVE
added 2009/04/01 6:0 p.m.69 views

CVE-2009-1220

Cisco ASA WebVPN Cross-Site Scripting (CVE-2009-1220) affects WebVPN clientless mode on ASA 5520 with software 7.2(4)30 and older 7.2x and 8.0x (e.g., 8.0(4)28 and earlier). Root cause: improper input validation in index.html allows injecting script via the Host HTTP header, enabling remote XSS. ...

4.3CVSS5.9AI score0.09008EPSS
CVE
CVE
added 2020/05/06 4:42 p.m.69 views

CVE-2020-3305

The CVE-2020-3305 issue affects Cisco ASA and Firepower Threat Defense (FTD) where the BGP module incorrectly processes certain BGP packets. An unauthenticated, remote attacker can craft BGP traffic to trigger a denial of service on the affected device. Multiple connected documents corroborate a ...

7.8CVSS7AI score0.01233EPSS
CVE
CVE
added 2020/10/21 6:37 p.m.69 views

CVE-2020-3599

CVE-2020-3599 affects Cisco ASA’s web-based management interface, where unauthenticated remote attackers can trigger a reflected XSS via crafted links due to improper input validation. The issue impacts ASA Web UI components and could allow executing script in the interface context or exposing br...

6.1CVSS6AI score0.00823EPSS
CVE
CVE
added 2019/10/02 7:6 p.m.68 views

CVE-2019-12676

CVE-2019-12676 affects Cisco ASA/FTD OSPF LSA processing. An unauthenticated adjacent attacker can send crafted OSPF LSA type 11 packets to trigger a device reload, causing DoS for routed traffic. Root cause: improper parsing of OSPF LSA type 11 options in ASA/FTD software. Impact: reload of the ...

7.4CVSS7.3AI score0.00507EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.67 views

CVE-2010-2816

CVE-2010-2816 is a Cisco ASA 5500 Series DoS vulnerability in the SIP inspection feature. An unauthenticated, network-scoped attacker can trigger a device reload by sending crafted SIP packets. Affected software versions are ASA 5500 Series with 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2...

7.8CVSS6.8AI score0.02496EPSS
CVE
CVE
added 2020/10/21 6:41 p.m.67 views

CVE-2020-3555

The CVE-2020-3555 issue affects Cisco ASA and Cisco Firepower Threat Defense (FTD) SIP inspection. The root cause is a watchdog timeout during cleanup of threads tied to a SIP connection being removed from the connection list, which can be triggered by a high rate of crafted SIP traffic. The impa...

7.8CVSS7AI score0.0166EPSS
CVE
CVE
added 2009/06/25 5:0 p.m.66 views

CVE-2009-1202

Cisco ASA Web VPN vulnerability CVE-2009-1202 affects ASA software 8.0(4), 8.1.2, and 8.2.1. The issue arises in the Web VPN DOM wrapper and URL rewriting: Rot13-encoded/hex-encoded URL parameters can be manipulated to bypass protections and trigger Cross-Site Scripting (XSS) in the browser. Trus...

4.3CVSS5.7AI score0.01984EPSS
CVE
CVE
added 2011/02/25 11:0 a.m.66 views

CVE-2011-0394

The CVE-2011-0394 issue affects Cisco ASA 5500 series (software 7.0 before 7.0(8.11); 7.1/7.2 before 7.2(5.1); 8.0 before 8.0(5.19); 8.1 before 8.1(2.47); 8.2 before 8.2(2.19); 8.3 before 8.3(1.8)); Cisco PIX 500 series; and Cisco FWSM 3.1/3.2/4.0/4.1. It allows remote attackers to cause a device...

7.8CVSS6.7AI score0.03442EPSS
CVE
CVE
added 2009/06/25 5:0 p.m.65 views

CVE-2009-1203

Cisco ASA Web VPN Credential Theft (CVE-2009-1203): Affected ASA Web VPN on software 8.0(4), 8.1.2, and 8.2.1 could not distinguish its login screen from third‑party FTP/CIFS login prompts, enabling remote attackers to coax users into submitting credentials to an attacker‑controlled server via cr...

6CVSS6.8AI score0.03776EPSS
CVE
CVE
added 2013/01/18 9:0 p.m.65 views

CVE-2012-5717

CVE-2012-5717 affects Cisco ASA devices running firmware 8.x through 8.4(1). The issue is a flaw in the management of remote SSH sessions, allowing an authenticated remote user to cause a denial of service by establishing multiple concurrent SSH sessions, potentially crashing the device. Connecte...

6.3CVSS6.6AI score0.01313EPSS
CVE
CVE
added 2021/10/27 6:56 p.m.65 views

CVE-2021-34790

CVE-2021-34790 describes multiple vulnerabilities in the Application Level Gateway (ALG) for the NAT feature in Cisco ASA and Firepower Threat Defense (FTD) software that could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections to hosts behind the ALG. A...

5.3CVSS5.3AI score0.011EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.64 views

CVE-2010-1578

CVE-2010-1578 affects Cisco ASA 5500 Series (and PIX 500) SunRPC inspection. Unauthenticated remote attackers can trigger a Denial of Service (device reload) by crafting SunRPC UDP packets. Affected software versions: ASA 7.2.x prior to 7.2(5), 8.0.x prior to 8.0(5.19), 8.1.x prior to 8.1(2.47), ...

7.8CVSS6.8AI score0.01772EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.64 views

CVE-2010-1579

Cisco ASA 5500 Series and PIX 500 devices are affected by CVE-2010-1579 via the SunRPC inspection DoS vulnerability. An unauthenticated attacker can cause a device reload by sending crafted SunRPC UDP packets to affected versions: ASA 7.2.x prior to 7.2(5), ASA 8.0.x prior to 8.0(5.19), ASA 8.1.x...

7.8CVSS6.8AI score0.01772EPSS
CVE
CVE
added 2019/10/02 7:6 p.m.63 views

CVE-2019-12693

Cisco ASA Software SCP DoS (CVE-2019-12693) is due to an incorrect data type for a length variable in the SCP implementation. An authenticated attacker with privilege level 15 can initiate a large file transfer via SCP to crash the device, causing a DoS. Affected products are Cisco Adaptive Secur...

6.8CVSS5.3AI score0.01488EPSS
CVE
CVE
added 2013/12/02 10:0 p.m.61 views

CVE-2013-6696

Cisco ASA Software is affected by CVE-2013-6696 due to improper handling of DNS error cases when processing DNS replies, allowing an unauthenticated, remote attacker to trigger a denial-of-service (reload) via a malformed DNS response. The issue stems from DNS response processing in ASA’s DNS cod...

7.1CVSS6.8AI score0.0117EPSS
CVE
CVE
added 2021/10/27 6:56 p.m.60 views

CVE-2021-34787

Cisco ASA/FTD IDFW rule-bypass (CVE-2021-34787) affects Identity-Based Rule Processing in ASA Software and FTD. Affected devices that use object group search may mishandle certain network requests, allowing an unauthenticated remote attacker to bypass ACLs and security protections, potentially se...

5.3CVSS5.3AI score0.01003EPSS
CVE
CVE
added 2013/06/26 7:0 p.m.59 views

CVE-2013-3382

CVE-2013-3382 (Cisco ASA NGFW) affects Cisco ASA NGFW module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12. A remote attacker can cause a denial-of-service by sending fragmented IPv4/IPv6 traffic, leading to device reload or traffic-processing outage. Root cause described as Bug CSCue88387. Miti...

7.8CVSS7AI score0.01904EPSS
CVE
CVE
added 2019/10/02 7:0 p.m.59 views

CVE-2019-12673

CVE-2019-12673 is a DoS vulnerability in the FTP inspection engine of Cisco ASA/FTD software caused by insufficient validation of FTP data. An unauthenticated, remote attacker can send crafted FTP traffic through an affected device to disrupt responsiveness. Cisco and related advisories confirm t...

8.6CVSS7.5AI score0.01772EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.58 views

CVE-2010-2815

CVE-2010-2815 affects Cisco ASA 5500 Series and PIX 500 series TLS/SSL processing. A DoS can be triggered by a sequence of crafted TLS packets, causing a device reload. Affected software versions and fixed releases are documented in Cisco PSIRT: upgrade to 7.2(5) or later for 7.2.x, 8.0(5.15) or ...

7.8CVSS6.7AI score0.02496EPSS
CVE
CVE
added 2013/04/18 6:0 p.m.58 views

CVE-2013-1194

CVE-2013-1194 affects Cisco ASA ISAKMP/IKE handling. The issue arises from how ASA responds to IKE aggressive-mode messages when VPN group names are valid vs invalid, allowing remote attackers to enumerate valid group names through timing/response differences in the initial exchange. Affected: Ci...

5CVSS6.8AI score0.01174EPSS
CVE
CVE
added 2013/04/18 6:0 p.m.58 views

CVE-2013-1199

The CVE covers a race condition in the CIFS implementation within Cisco ASA’s Clientless SSL VPN rewriter. The vulnerability occurs when an authenticated remote attacker creates multiple Clientless SSL VPN sessions to trigger the race, potentially causing a device reload (DoS). Affected product: ...

4.9CVSS6.5AI score0.00642EPSS
CVE
CVE
added 2011/02/25 11:0 a.m.57 views

CVE-2011-0395

Cisco ASA 5500 Series devices are affected by CVE-2011-0395 when RIP is enabled together with the Cisco Phone Proxy feature. The issue allows remote attackers to trigger a denial of service (device reload) via crafted RIP updates. Affected software versions include 8.0 before 8.0(5.20), 8.1 befor...

7.8CVSS6.8AI score0.02577EPSS
CVE
CVE
added 2013/07/25 3:0 p.m.57 views

CVE-2013-3414

CVE-2013-3414 affects Cisco ASA devices’ WebVPN portal login page. The vulnerability is an XSS flaw in the WebVPN login page caused by insufficient input validation, enabling remote attackers to inject arbitrary script/HTML via a crafted URL. Multiple sources (Cisco advisory, Nessus, CVE records)...

4.3CVSS5.8AI score0.02102EPSS
CVE
CVE
added 2006/08/23 10:0 p.m.56 views

CVE-2006-4312

Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances are affected when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and FWSM 3.1(x) up to 3.1(1.6). The vulnerability causes the EXEC password, local user passwords, and the enable password to be change...

6.8CVSS7.2AI score0.00321EPSS
CVE
CVE
added 2008/06/04 9:0 p.m.56 views

CVE-2008-2056

The CVE-2008-2056 issue affects Cisco ASA/PIX security appliances (ASA 5500 series) where a crafted TLS packet sent to the device interface can cause a DoS (device reload). Affected: 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1. Remediation: upgrade to 8.0(3)9 or later (8.0.x) or 8.1(1)1 or late...

7.8CVSS6.6AI score0.01916EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.55 views

CVE-2010-2814

CVE-2010-2814 affects Cisco ASA 5500 Series (and PIX 500) TLS implementation. A sequence of crafted TLS packets can trigger a denial of service, causing the device to reload (unavailability). Reported as Bug CSCtf37506. Affected software and fixed releases per sources: 7.2.x before 7.2(5) → upgra...

7.8CVSS6.7AI score0.02496EPSS
CVE
CVE
added 2010/08/06 7:31 p.m.55 views

CVE-2010-2817

CVE-2010-2817 concerns an unspecified DoS vulnerability in the IKE implementation of Cisco ASA 5500-series devices (and Cisco PIX 500-series) that can cause a device reload via a crafted IKE message. Connected documents confirm affected software ranges and fixed versions: ASA 7.0 up to 7.0(8.11);...

7.8CVSS6.7AI score0.02496EPSS
Total number of security vulnerabilities63