Lucene search
+L
CiscoAdaptive Security Appliance*

45 matches found

cve
cve
added 2023/03/23 12:0 a.m.128 views

CVE-2023-20107

Cisco CVE-2023-20107 affects Cisco ASA (5506-X, 5508-X, 5516-X) ASA Software and Cisco FTD Software due to insufficient entropy in the deterministic random bit generator (DRBG/PRNG) used for cryptographic key generation. The root cause is low entropy in DRBG on affected hardware, enabling an unau...

7.5CVSS5.6AI score0.00717EPSS
cve
cve
added 2020/10/21 6:35 p.m.110 views

CVE-2020-3529

The CVE-2020-3529 issue affects Cisco ** ASA** and FTD software. It is a vulnerability in the SSL VPN negotiation process caused by inefficient direct memory access (DMA) memory management during SSL VPN negotiation. An unauthenticated, remote attacker could send a steady stream of crafted DTLS t...

8.6CVSS7.9AI score0.01833EPSS
cve
cve
added 2020/10/21 6:41 p.m.103 views

CVE-2020-3554

CVE-2020-3554 affects Cisco ASA and FTD TCP packet processing due to a memory exhaustion condition, allowing unauthenticated remote DoS via high-rate crafted TCP traffic. Real-world impact per sources: potential exhaustion of device resources and DoS for transit traffic. Connected advisories conf...

8.6CVSS7.5AI score0.02633EPSS
cve
cve
added 2020/10/21 6:35 p.m.102 views

CVE-2020-3528

CVE-2020-3528 describes a DoS vulnerability in the OSPFv2 implementation of Cisco ASA and Firepower Threat Defense (FTD) software. The issue arises from incomplete input validation when processing certain OSPFv2 packets with Link-Local Signaling (LLS) data, which could allow an unauthenticated, r...

8.6CVSS8AI score0.01415EPSS
cve
cve
added 2020/10/21 6:40 p.m.100 views

CVE-2020-3572

CVE-2020-3572 is a memory-leak DoS in the SSL/TLS session handler of Cisco ASA and Firepower Threat Defense (FTD) software. The root cause is a memory leak when closing SSL/TLS connections in a specific state; an unauthenticated, remote attacker can exhaust device memory by creating and closing m...

8.6CVSS8.4AI score0.01742EPSS
cve
cve
added 2021/10/27 6:56 p.m.99 views

CVE-2021-40117

CVE-2021-40117 affects Cisco ASA and Firepower Threat Defense (FTD) Software. The issue is in the SSL/TLS message handler where incoming packets are not properly processed, allowing an unauthenticated remote attacker to trigger a reload of the device and cause a denial-of-service (DoS). Exploitat...

8.6CVSS7.8AI score0.01482EPSS
cve
cve
added 2020/10/21 6:36 p.m.95 views

CVE-2020-3304

CVE-2020-3304 affects Cisco ASA and Firepower Threat Defense (FTD) web interfaces. The issue stems from improper HTTP input validation, allowing an unauthenticated, remote attacker to craft an HTTP request that can trigger a reload of the affected device, causing a DoS. Impact is limited to the w...

8.6CVSS8.4AI score0.0381EPSS
cve
cve
added 2020/10/21 6:40 p.m.94 views

CVE-2020-3564

CVE-2020-3564 affects Cisco ASA/FTD FTP inspection engine. Root cause: ineffective flow tracking of FTP traffic allows an unauthenticated, remote attacker to bypass FTP inspection and complete FTP connections. Affected products include Cisco ASA Software and Cisco FTD Software. In practice, explo...

5.8CVSS5.3AI score0.01313EPSS
cve
cve
added 2020/10/21 6:41 p.m.92 views

CVE-2020-3561

CVE-2020-3561 affects Cisco ASA/FTD WebVPN (Clientless SSL VPN). The issue is a result of improper input sanitization that enables unauthenticated, remote CRLF header injection when a user is lured to click a crafted link, allowing arbitrary HTTP headers to be injected and potential redirection. ...

4.7CVSS4.9AI score0.01264EPSS
cve
cve
added 2021/10/27 6:56 p.m.90 views

CVE-2021-34793

CVE-2021-34793 is a DoS vulnerability in Cisco ASA/FTD software (transparent mode) due to improper handling of certain TCP segments by the TCP Normalizer, allowing an unauthenticated remote attacker to poison MAC address tables and disrupt networks. Affected products include Cisco ASA and Cisco F...

8.6CVSS8.4AI score0.00649EPSS
cve
cve
added 2021/10/27 6:56 p.m.90 views

CVE-2021-40118

CVE-2021-40118 affects Cisco ASA/FTD web services. The vulnerability arises from improper input validation when parsing HTTPS requests, allowing an unauthenticated, remote attacker to trigger a DoS condition by sending a malicious HTTPS request, potentially causing the device to reload. The issue...

8.6CVSS7.9AI score0.01307EPSS
cve
cve
added 2020/09/23 12:27 a.m.89 views

CVE-2019-15992

CVE-2019-15992 is a remote code execution vulnerability in the Lua interpreter used by Cisco ASA and Cisco FTD software. It arises from insufficient restrictions on Lua function calls in user-supplied scripts, which could allow an authenticated, remote attacker to trigger a heap overflow and exec...

9CVSS7.2AI score0.04122EPSS
cve
cve
added 2020/10/21 6:36 p.m.88 views

CVE-2020-3436

The CVE-2020-3436 vulnerability affects Cisco ASA/FTD Web Services: an unauthenticated attacker can upload arbitrarily large files to specific folders, triggering a watchdog timeout and an unexpected device reload (DoS) due to inefficient handling of large file writes. Affected products are Cisco...

8.6CVSS8.4AI score0.01895EPSS
cve
cve
added 2009/12/04 11:0 a.m.83 views

CVE-2009-2631

CVE-2009-2631 describes a design-level flaw in multiple clientless SSL VPN products (e.g., Stonesoft StoneGate, Cisco ASA, SonicWALL E-Class SSL VPN, Citrix Access Gateway, Juniper Secure Access, Nortel CallPilot, SafeNet SecureWire) where, if configured to access resources from a different domai...

6.8CVSS6.2AI score0.05134EPSS
cve
cve
added 2019/10/02 7:6 p.m.82 views

CVE-2019-12678

The CVE-2019-12678 issue affects Cisco ASA/FTD SIP inspection: an unauthenticated remote attacker can send malicious SIP packets to trigger an integer underflow in the SIP parsing module, causing the device to read unmapped memory and crash. Root cause: improper SIP message parsing in the SIP ins...

8.6CVSS7.5AI score0.01824EPSS
cve
cve
added 2009/06/25 5:0 p.m.79 views

CVE-2009-1201

Cisco ASA Web VPN vulnerability CVE-2009-1201 affects ASA with Web VPN (clientless SSL VPN) on versions 8.0(4), 8.1.2, and 8.2.1. The issue lies in the csco_wrap_js function in /+CSCOL+/cte.js, which uses CSCO_WebVPN['process'] to compute html and then evals the result, allowing an attacker-contr...

4.3CVSS6AI score0.08828EPSS
cve
cve
added 2019/10/02 7:6 p.m.79 views

CVE-2019-12695

CVE-2019-12695 affects Cisco ASA and Cisco Firepower Threat Defense (FTD) WebVPN portals. The issue arises from insufficient validation of user-supplied input in the web-based management interface, enabling an unauthenticated, remote attacker to lure a user into clicking a crafted link and execut...

6.1CVSS6AI score0.01057EPSS
cve
cve
added 2019/10/02 7:6 p.m.79 views

CVE-2019-12698

Cisco ASA Software and Cisco FTD WebVPN CPU Denial of Service (CVE-2019-12698) allows unauthenticated remote attackers to trigger high CPU by repeated WebVPN HTTP page requests, causing DoS. Affected ASA/FTD versions are mitigated by Cisco software updates; there are no supported workarounds per ...

7.8CVSS6.1AI score0.01967EPSS
cve
cve
added 2021/10/27 6:56 p.m.78 views

CVE-2021-34791

Cisco ASA and Firepower Threat Defense (FTD) software contain multiple ALG/NAT bypass vulnerabilities (NAT Slipstreaming) due to an incorrect implementation of security checks in the ALG/NAT handling, allowing unauthenticated remote actors to bypass the ALG and open unauthorized connections behin...

5.3CVSS5.3AI score0.011EPSS
cve
cve
added 2020/05/06 4:42 p.m.74 views

CVE-2020-3305

The CVE-2020-3305 issue affects Cisco ASA and Firepower Threat Defense (FTD) where the BGP module incorrectly processes certain BGP packets. An unauthenticated, remote attacker can craft BGP traffic to trigger a denial of service on the affected device. Multiple connected documents corroborate a ...

7.8CVSS7AI score0.01233EPSS
cve
cve
added 2020/05/06 4:42 p.m.74 views

CVE-2020-3306

CVE-2020-3306 affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) DHCP module. The root cause is incorrect processing of certain DHCP packets, which an unauthenticated remote attacker can exploit by sending a crafted DHCP packet to cause an on-device denial of service. Public docu...

7.8CVSS7AI score0.01233EPSS
cve
cve
added 2020/10/21 6:41 p.m.70 views

CVE-2020-3555

The CVE-2020-3555 issue affects Cisco ASA and Cisco Firepower Threat Defense (FTD) SIP inspection. The root cause is a watchdog timeout during cleanup of threads tied to a SIP connection being removed from the connection list, which can be triggered by a high rate of crafted SIP traffic. The impa...

7.8CVSS7AI score0.0166EPSS
cve
cve
added 2020/10/21 6:37 p.m.70 views

CVE-2020-3599

CVE-2020-3599 affects Cisco ASA’s web-based management interface, where unauthenticated remote attackers can trigger a reflected XSS via crafted links due to improper input validation. The issue impacts ASA Web UI components and could allow executing script in the interface context or exposing br...

6.1CVSS6AI score0.00823EPSS
cve
cve
added 2019/10/02 7:6 p.m.69 views

CVE-2019-12693

Cisco ASA Software SCP DoS (CVE-2019-12693) is due to an incorrect data type for a length variable in the SCP implementation. An authenticated attacker with privilege level 15 can initiate a large file transfer via SCP to crash the device, causing a DoS. Affected products are Cisco Adaptive Secur...

6.8CVSS5.3AI score0.01488EPSS
cve
cve
added 2019/10/02 7:6 p.m.68 views

CVE-2019-12676

CVE-2019-12676 affects Cisco ASA/FTD OSPF LSA processing. An unauthenticated adjacent attacker can send crafted OSPF LSA type 11 packets to trigger a device reload, causing DoS for routed traffic. Root cause: improper parsing of OSPF LSA type 11 options in ASA/FTD software. Impact: reload of the ...

7.4CVSS7.3AI score0.00507EPSS
cve
cve
added 2013/01/18 9:0 p.m.67 views

CVE-2012-5717

CVE-2012-5717 affects Cisco ASA devices running firmware 8.x through 8.4(1). The issue is a flaw in the management of remote SSH sessions, allowing an authenticated remote user to cause a denial of service by establishing multiple concurrent SSH sessions, potentially crashing the device. Connecte...

6.3CVSS6.6AI score0.01313EPSS
cve
cve
added 2009/06/25 5:0 p.m.66 views

CVE-2009-1202

Cisco ASA Web VPN vulnerability CVE-2009-1202 affects ASA software 8.0(4), 8.1.2, and 8.2.1. The issue arises in the Web VPN DOM wrapper and URL rewriting: Rot13-encoded/hex-encoded URL parameters can be manipulated to bypass protections and trigger Cross-Site Scripting (XSS) in the browser. Trus...

4.3CVSS5.7AI score0.01984EPSS
cve
cve
added 2009/06/25 5:0 p.m.66 views

CVE-2009-1203

Cisco ASA Web VPN Credential Theft (CVE-2009-1203): Affected ASA Web VPN on software 8.0(4), 8.1.2, and 8.2.1 could not distinguish its login screen from third‑party FTP/CIFS login prompts, enabling remote attackers to coax users into submitting credentials to an attacker‑controlled server via cr...

6CVSS6.8AI score0.03776EPSS
cve
cve
added 2021/10/27 6:56 p.m.66 views

CVE-2021-34790

CVE-2021-34790 describes multiple vulnerabilities in the Application Level Gateway (ALG) for the NAT feature in Cisco ASA and Firepower Threat Defense (FTD) software that could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections to hosts behind the ALG. A...

5.3CVSS5.3AI score0.011EPSS
cve
cve
added 2013/12/02 10:0 p.m.63 views

CVE-2013-6696

Cisco ASA Software is affected by CVE-2013-6696 due to improper handling of DNS error cases when processing DNS replies, allowing an unauthenticated, remote attacker to trigger a denial-of-service (reload) via a malformed DNS response. The issue stems from DNS response processing in ASA’s DNS cod...

7.1CVSS6.8AI score0.0117EPSS
cve
cve
added 2021/10/27 6:56 p.m.62 views

CVE-2021-34787

Cisco ASA/FTD IDFW rule-bypass (CVE-2021-34787) affects Identity-Based Rule Processing in ASA Software and FTD. Affected devices that use object group search may mishandle certain network requests, allowing an unauthenticated remote attacker to bypass ACLs and security protections, potentially se...

5.3CVSS5.3AI score0.01003EPSS
cve
cve
added 2013/04/18 6:0 p.m.60 views

CVE-2013-1194

CVE-2013-1194 affects Cisco ASA ISAKMP/IKE handling. The issue arises from how ASA responds to IKE aggressive-mode messages when VPN group names are valid vs invalid, allowing remote attackers to enumerate valid group names through timing/response differences in the initial exchange. Affected: Ci...

5CVSS6.8AI score0.01174EPSS
cve
cve
added 2013/04/18 6:0 p.m.59 views

CVE-2013-1199

The CVE covers a race condition in the CIFS implementation within Cisco ASA’s Clientless SSL VPN rewriter. The vulnerability occurs when an authenticated remote attacker creates multiple Clientless SSL VPN sessions to trigger the race, potentially causing a device reload (DoS). Affected product: ...

4.9CVSS6.5AI score0.00642EPSS
cve
cve
added 2019/10/02 7:0 p.m.59 views

CVE-2019-12673

CVE-2019-12673 is a DoS vulnerability in the FTP inspection engine of Cisco ASA/FTD software caused by insufficient validation of FTP data. An unauthenticated, remote attacker can send crafted FTP traffic through an affected device to disrupt responsiveness. Cisco and related advisories confirm t...

8.6CVSS7.5AI score0.01772EPSS
cve
cve
added 2013/07/25 3:0 p.m.58 views

CVE-2013-3414

CVE-2013-3414 affects Cisco ASA devices’ WebVPN portal login page. The vulnerability is an XSS flaw in the WebVPN login page caused by insufficient input validation, enabling remote attackers to inject arbitrary script/HTML via a crafted URL. Multiple sources (Cisco advisory, Nessus, CVE records)...

4.3CVSS5.8AI score0.02102EPSS
cve
cve
added 2006/08/23 10:0 p.m.56 views

CVE-2006-4312

Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances are affected when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and FWSM 3.1(x) up to 3.1(1.6). The vulnerability causes the EXEC password, local user passwords, and the enable password to be change...

6.8CVSS7.2AI score0.00321EPSS
cve
cve
added 2013/04/11 10:0 a.m.55 views

CVE-2013-1152

CVE-2013-1152 affects Cisco ASA devices running software 9.0 before 9.0(1.2). A crafted field in a DNS message can trigger a denial-of-service, causing a device reload. Mitigation: upgrade to ASA 9.0(1.2) or later (see Cisco advisory). The issue is specific to the DNS inspection/vector handling d...

7.8CVSS6.8AI score0.01532EPSS
cve
cve
added 2014/01/08 9:0 p.m.55 views

CVE-2014-0653

The Cisco ASA Identity Firewall (IDFW) NetBIOS logout probe vulnerability (CVE-2014-0653) stems from insufficient validation of NetBIOS probe responses, allowing an unauthenticated remote attacker to modify a user’s authentication state. Cisco notes the issue in Cisco-SA-20140108-CVE-2014-0653 an...

4.3CVSS6.7AI score0.06893EPSS
cve
cve
added 2020/05/06 4:42 p.m.55 views

CVE-2020-3303

The CVE-2020-3303 issue affects Cisco ASA (Adaptive Security Appliance) and Cisco FTD (Firepower Threat Defense) software, arising from improper memory management in the IKEv1 feature. An unauthenticated, remote attacker can send crafted IKEv1 traffic to trigger a denial-of-service on affected de...

7.8CVSS7AI score0.01233EPSS
cve
cve
added 2013/08/30 1:0 a.m.54 views

CVE-2013-3463

The CVE-2013-3463 issue affects Cisco ASA Software where the protocol-inspection idle timeout is not honored for certain inspected connections. An unauthenticated, remote attacker can send crafted requests to exhaust the ASA’s connection table, causing a denial-of-service by preventing new connec...

4.3CVSS6.9AI score0.02406EPSS
cve
cve
added 2013/02/25 8:0 p.m.53 views

CVE-2013-1138

CVE-2013-1138 concerns Cisco ASA devices where the NAT process can be abused by unauthenticated, remote attackers sending crafted packets to exhaust the connections-table memory, causing a DoS. The vulnerability (Bug ID CSCue46386) affects Cisco ASA software and is described as a NAT handling fla...

5CVSS6.9AI score0.01497EPSS
cve
cve
added 2014/01/08 9:0 p.m.52 views

CVE-2014-0655

Cisco ASA with Identity Firewall (IDFW) is affected by CVE-2014-0655 due to insufficient validation of RADIUS Change of Authorization (CoA) messages, allowing unauthenticated remote attackers to replay crafted CoA messages and modify the IDFW user cache. This is tied to Bug CSCuj45332. The vulner...

4.3CVSS6.7AI score0.01513EPSS
cve
cve
added 2013/04/16 10:0 a.m.51 views

CVE-2012-5415

CVE-2012-5415 is a race condition affecting Cisco Adaptive Security Appliances (ASA) where an attacker can trigger denial of service (CPU consumption or device reload) by opening multiple connections. The issue arises from improper handling of hash lookups for secondary flows (Bug IDs CSCue31622 ...

5.4CVSS7.1AI score0.00803EPSS
cve
cve
added 2013/01/18 9:0 p.m.51 views

CVE-2012-6395

Cisco ASA devices running firmware 8.4 are affected by an input validation issue for UNC share pathnames. The vulnerability allows remote authenticated users to trigger a denial of service (device crash) due to improper validation of unspecified input. No explicit exploit details are provided in ...

6.3CVSS6.7AI score0.01834EPSS
cve
cve
added 2013/04/11 10:0 a.m.50 views

CVE-2013-1150

CVE-2013-1150 affects Cisco ASA/ASA-enabled devices via the authentication-proxy component. The DoS flaw allows remote attackers to trigger a device reload with a crafted URL, impacting ASA software versions across multiple trainings: 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1–8.2 before 8.2...

7.8CVSS6.8AI score0.02142EPSS