Adaptive Security Appliance Software Security Vulnerabilities and Issues — Page 6 of Adaptive Security Appliance Software CVE List

Lucene search

CiscoAdaptive Security Appliance Software

311 matches found

CVE•added 2015/04/13 1:59 a.m.•40 views

CVE-2015-0676

The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9....

7.1CVSS6.6AI score0.00349EPSS

CVE•added 2020/05/06 5:15 p.m.•40 views

CVE-2020-3298

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the reload of an affected device, resulting in a denial of service (Do...

8.6CVSS7.6AI score0.01156EPSS

CVE•added 2024/10/23 5:15 p.m.•40 views

CVE-2024-20331

A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerabi...

6.8CVSS6.3AI score0.00222EPSS

CVE•added 2024/10/23 6:15 p.m.•40 views

CVE-2024-20485

A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this ...

6.7CVSS6.3AI score0.0004EPSS

CVE•added 2024/10/23 6:15 p.m.•40 views

CVE-2024-20526

A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established....

5.3CVSS5.5AI score0.00368EPSS

CVE•added 2007/10/18 9:17 p.m.•39 views

CVE-2007-5569

Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.

7.1CVSS6.6AI score0.0134EPSS

CVE•added 2010/08/09 11:58 a.m.•39 views

CVE-2010-1580

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers ...

7.8CVSS6.8AI score0.00839EPSS

CVE•added 2013/04/11 10:55 a.m.•39 views

CVE-2013-1151

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3) allow remote attackers to cause a denial of service (...

7.1CVSS6.8AI score0.00215EPSS

CVE•added 2013/04/16 2:4 p.m.•39 views

CVE-2013-1193

The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote attackers to cause a denial of service (SSH service outage) by repeatedly establishing SSH connections, ...

5CVSS6.8AI score0.00677EPSS

CVE•added 2013/10/13 10:20 a.m.•39 views

CVE-2013-5507

The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during decryption, aka Bug ID CS...

7.1CVSS6.8AI score0.00579EPSS

CVE•added 2013/11/01 2:55 a.m.•39 views

CVE-2013-5551

Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, ak...

6.3CVSS6.8AI score0.01179EPSS

CVE•added 2014/04/23 11:52 a.m.•39 views

CVE-2014-2154

Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP packets, aka Bug ID CSCuf67469.

5CVSS6.8AI score0.00918EPSS

CVE•added 2014/10/10 10:55 a.m.•39 views

CVE-2014-3391

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka B...

6.8CVSS6.5AI score0.00095EPSS

CVE•added 2014/10/10 10:55 a.m.•39 views

CVE-2014-3394

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug...

5CVSS6.9AI score0.00091EPSS

CVE•added 2015/04/13 1:59 a.m.•39 views

CVE-2015-0675

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain adminis...

8.3CVSS6.7AI score0.00214EPSS

CVE•added 2015/10/25 2:59 a.m.•39 views

CVE-2015-6327

The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of...

7.8CVSS6.7AI score0.00411EPSS

CVE•added 2016/07/12 1:59 a.m.•39 views

CVE-2016-1445

Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.

5.3CVSS5.2AI score0.0021EPSS

CVE•added 2024/10/23 6:15 p.m.•39 views

CVE-2024-20493

A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several m...

5.3CVSS5.7AI score0.00053EPSS

CVE•added 2011/01/07 12:0 p.m.•38 views

CVE-2010-4673

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316.

7.8CVSS6.9AI score0.01086EPSS

CVE•added 2011/01/07 12:0 p.m.•38 views

CVE-2010-4678

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769...

7.5CVSS7AI score0.00146EPSS

CVE•added 2011/10/22 2:59 a.m.•38 views

CVE-2011-2060

The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service...

4.9CVSS6.4AI score0.00066EPSS

CVE•added 2012/03/15 12:55 a.m.•38 views

CVE-2012-0355

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets th...

7.8CVSS6.8AI score0.01525EPSS

CVE•added 2014/02/22 9:55 p.m.•38 views

CVE-2014-0739

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj6...

4.3CVSS7.2AI score0.00184EPSS

CVE•added 2014/10/10 10:55 a.m.•38 views

CVE-2014-3390

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 a...

6.8CVSS6.2AI score0.00324EPSS

CVE•added 2014/12/18 4:59 p.m.•38 views

CVE-2014-8012

Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695.

4.3CVSS5.8AI score0.00296EPSS

CVE•added 2015/10/25 2:59 a.m.•38 views

CVE-2015-6324

The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs C...

7.1CVSS6.7AI score0.00284EPSS

CVE•added 2007/05/02 10:19 p.m.•37 views

CVE-2007-2463

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.

7.8CVSS6.7AI score0.01618EPSS

CVE•added 2011/01/07 11:0 p.m.•37 views

CVE-2010-4691

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742.

7.8CVSS7AI score0.01086EPSS

CVE•added 2013/01/18 9:55 p.m.•37 views

CVE-2012-6395

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.

6.3CVSS6.7AI score0.00988EPSS

CVE•added 2013/02/25 8:55 p.m.•37 views

CVE-2013-1138

The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

5CVSS6.9AI score0.00438EPSS

CVE•added 2013/04/11 10:55 a.m.•37 views

CVE-2013-1150

The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and ...

7.8CVSS6.8AI score0.00692EPSS

CVE•added 2013/10/13 10:20 a.m.•37 views

CVE-2013-5515

The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via c...

7.8CVSS6.8AI score0.00283EPSS

CVE•added 2014/07/14 9:55 p.m.•37 views

CVE-2013-5567

Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka...

5.4CVSS6.9AI score0.015EPSS

CVE•added 2014/04/10 4:34 a.m.•37 views

CVE-2014-2129

The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh4...

7.1CVSS7.7AI score0.00399EPSS

CVE•added 2016/01/15 3:59 a.m.•37 views

CVE-2015-6423

The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.

4.3CVSS4.5AI score0.00153EPSS

CVE•added 2019/05/03 4:29 p.m.•37 views

CVE-2019-1697

A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a den...

7.8CVSS7.2AI score0.00433EPSS

CVE•added 2024/10/23 5:15 p.m.•37 views

CVE-2024-20341

A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected...

6.1CVSS6AI score0.00075EPSS

CVE•added 2011/01/07 12:0 p.m.•36 views

CVE-2010-4676

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748.

6.8CVSS6.5AI score0.00925EPSS

CVE•added 2013/07/25 3:53 p.m.•36 views

CVE-2013-3414

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

4.3CVSS5.8AI score0.00521EPSS

CVE•added 2013/11/13 3:55 p.m.•36 views

CVE-2013-5560

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCue34342.

5.4CVSS6.9AI score0.00218EPSS

CVE•added 2024/10/23 6:15 p.m.•36 views

CVE-2024-20382

6.1CVSS6AI score0.00061EPSS

CVE•added 2008/06/04 9:32 p.m.•35 views

CVE-2008-2059

Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.

7.8CVSS6.8AI score0.00201EPSS

CVE•added 2011/01/07 12:0 p.m.•35 views

CVE-2010-4675

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest securi...

9CVSS6.5AI score0.00185EPSS

CVE•added 2013/11/13 3:55 p.m.•35 views

CVE-2013-5568

The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308.

7.1CVSS6.9AI score0.00347EPSS

CVE•added 2015/02/12 1:59 a.m.•35 views

CVE-2015-0619

Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458.

5CVSS6.8AI score0.00568EPSS

CVE•added 2015/11/25 4:59 a.m.•35 views

CVE-2015-6379

The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223.

6.8CVSS6.3AI score0.00785EPSS

CVE•added 2008/06/04 9:32 p.m.•34 views

CVE-2008-2057

The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.

5.4CVSS6.5AI score0.01581EPSS

CVE•added 2011/01/07 12:0 p.m.•34 views

CVE-2010-4674

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992.

7.8CVSS7AI score0.01086EPSS

CVE•added 2013/10/13 10:20 a.m.•34 views

CVE-2013-3415

Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via p...

7.8CVSS6.9AI score0.00619EPSS

CVE•added 2015/10/25 2:59 a.m.•34 views

CVE-2015-6326

Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(1.5) allows remote attackers to cause a denial of serv...

7.8CVSS6.7AI score0.00427EPSS

Total number of security vulnerabilities311