Adaptive Security Appliance Security Vulnerabilities and Issues — Adaptive Security Appliance CVE List

Lucene search

CiscoAdaptive Security Appliance

9 matches found

CVE•added 2020/10/21 7:15 p.m.•76 views

CVE-2020-3561

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due...

4.7CVSS4.9AI score0.00363EPSS

CVE•added 2009/04/01 6:30 p.m.•58 views

CVE-2009-1220

Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to injec...

4.3CVSS5.9AI score0.17044EPSS

CVE•added 2009/06/25 5:30 p.m.•53 views

CVE-2009-1201

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN[...

4.3CVSS6AI score0.12886EPSS

CVE•added 2009/06/25 5:30 p.m.•49 views

CVE-2009-1202

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded charact...

4.3CVSS5.7AI score0.00362EPSS

CVE•added 2013/04/18 6:55 p.m.•42 views

CVE-2013-1199

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58...

4.9CVSS6.5AI score0.00469EPSS

CVE•added 2013/08/30 1:55 a.m.•42 views

CVE-2013-3463

The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899.

4.3CVSS6.9AI score0.01166EPSS

CVE•added 2014/01/08 9:55 p.m.•40 views

CVE-2014-0655

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.

4.3CVSS6.7AI score0.00586EPSS

CVE•added 2014/01/08 9:55 p.m.•39 views

CVE-2014-0653

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.

4.3CVSS6.7AI score0.00701EPSS

CVE•added 2013/07/25 3:53 p.m.•36 views

CVE-2013-3414

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

4.3CVSS5.8AI score0.00521EPSS