28 matches found
CVE-2016-6366
CVE-2016-6366 is a buffer overflow in Cisco ASA software (SNMP code) that allows an authenticated, remote attacker to cause a reload or remotely execute code via crafted IPv4 SNMP packets. The vulnerability affects multiple Cisco devices and ASA platforms, including ASA 5500, 5500-X, ASA Services...
CVE-2013-0149
CVE-2013-0149: The OSPF implementation in Cisco IOS (12.0–12.4, 15.0–15.3), IOS-XE 2.x–3.9.xS, ASA/PIX 7.x–9.1, FWSM, NX-OS, and StarOS before 14.0.50488 fails to properly validate LSA type 1 packets before updating the LSA database, enabling remote attackers to cause a denial of service (routing...
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-1999-0158
The CVE-1999-0158 issue affects Cisco PIX Firewall Manager (PFM) running on Windows NT. An HTTP server in PFM listens on port 8080; if reachable from inside the network and the attacker knows absolute file paths, they can read arbitrary files on the PFM host (and potentially on connected network ...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2003-0851
CVE-2003-0851 describes a DoS in OpenSSL’s ASN.1 parser caused by large recursion in malformed ASN.1 sequences. Public diagnostics in the connected data tie the issue to OpenSSL 0.9.6k and older, with Red Hat/Fedora advisories noting fixes in later OpenSSL releases (e.g., 0.9.6l or newer). The vu...
CVE-2002-1024
Technical details for CVE-2002-1024 are not publicly available in the provided connected documents. Monitor for updates in the Vulners feed for affected products, versions, impact, and fixes.
CVE-2005-4499
CVE-2005-4499 affects Cisco PIX and VPN 3000 concentrators via the Downloadable RADIUS ACLs feature. When an ACL is created on CS ACS, the system generates a random internal name that doubles as a hidden username and password, enabling a remote attacker to sniff the cleartext username from a RADI...
CVE-2006-4194
CVE-2006-4032 (Cisco IOS CME) and CVE-2006-4194 involve an unspecified vulnerability in Cisco products (CME and PIX 500) where remote attackers can access sensitive information (e.g., SIP user directory usernames) through SIP-related messages or fixups. The description notes the vendor could not ...
CVE-2007-0961
Cisco PIX 500, ASA 5500 Series, and FWSM (3.x) are affected when SIP inspection is enabled. A vulnerability in SIP message handling allows remote, unauthenticated attackers to trigger a DoS by sending malformed SIP packets, potentially causing device reloads/reboots. Affected versions include ASA...
CVE-2007-0962
Cisco PIX 500, ASA 5500 Series, and FWSM devices are affected by a DoS vulnerability triggered by malformed HTTP traffic when the built-in HTTP inspection (inspect http) is enabled. A remote attacker can cause a device reboot, with impact described as an availability loss. Affected versions are: ...
CVE-2006-3906
CVE-2006-3906 describes a DoS in the IKEv1 implementation on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls. The root cause is improper handling of large volumes of IKE Phase-1 requests, leading to resource exhaustion and degraded availability. Exploitation is possible without valid credent...
CVE-1999-0157
Cisco PIX firewall/CBAC is affected by CVE-1999-0157 due to an IP fragmentation handling issue that can lead to a denial of service. The available connected documents identify the affected product (Cisco PIX firewall with CBAC) and the impact (DoS), but do not provide explicit root-cause details,...
CVE-2007-0960
Cisco PIX 500 and ASA 5500 Series appliances (7.2.2) with LOCAL user authentication are affected by a privilege-escalation vulnerability. An authenticated remote attacker who is defined in the local database with privilege 0 can gain administrative privileges due to the LOCAL authentication path....
CVE-2008-0028
The CVE-2008-0028 issue affects Cisco PIX 500 Series and Cisco 5500 Series ASA when the TTL decrement feature is enabled. A crafted IP packet can trigger a device reload, leading to DoS. Affected software versions are prior to 7.2(3)6 for PIX and prior to 8.0(3) for ASA. Cisco’s advisory states f...
CVE-2000-0150
Check Point FireWall-1 is affected by CVE-2000-0150, where the FTP PASV handling flaw in stateful inspection allows remote attackers to bypass FTP data-connection restrictions by causing the firewall to misinterpret crafted packets as a valid PASV response. The vulnerability stems from layering v...
CVE-2000-1022
CVE-2000-1022 concerns the mailguard feature in Cisco Secure PIX Firewall (versions 5.2(2) and earlier). The defect allows bypass of SMTP command restrictions by issuing a DATA command before restricted SMTP commands, enabling remote attackers to interact with the SMTP daemon in ways not intended...
CVE-2003-1004
Cisco PIX firewall versions 6.2.x through 6.2.3, when configured as a VPN Client, are affected by CVE-2003-1004. A remote attacker can cause a denial of service (dropped IPSec tunnel) by sending an IKE Phase I negotiation request to the firewall’s outside interface. The connected sources consiste...
CVE-2005-3669
CVE-2005-3669 covers multiple unspecified vulnerabilities in the Internet Key Exchange v1 (IKEv1) implementation in Cisco products that cause a denial of service (device reset) via malformed IKE packets, demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The Cisco advisory lacks details to m...
CVE-2006-0515
CVE-2006-0515 affects Cisco PIX/ASA and Websense integration. Affected: Cisco PIX/ASA versions 7.1.x before 7.1(2) and 7.0.x before 7.0(5); PIX 6.3.x before 6.3.5(112); and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7) . Root cause: handling of HTTP requests when the GET method is split across m...
CVE-2006-4312
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances are affected when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and FWSM 3.1(x) up to 3.1(1.6). The vulnerability causes the EXEC password, local user passwords, and the enable password to be change...
CVE-2003-1003
CVE-2003-1003 affects Cisco PIX firewall versions 5.x and 6.3.1 and earlier. The vulnerability allows remote attackers to cause a denial-of-service crash/reload via an SNMPv3 message when snmp-server is configured. The connected Red Hat/NVD records and Cisco advisory corroborate the DoS impact. T...
CVE-2007-0959
Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series ASA contain a vulnerability (CVE-2007-0959) that can cause a DoS via malformed TCP packets when the device is configured to inspect certain TCP-based protocols. The root cause is insufficient handling of malformed TCP streams, all...
CVE-2002-2140
Vulnerability CVE-2002-2140 affects Cisco PIX Firewall software versions 5.2.x (up to 5.2.8), 6.0.x (up to 6.0.3), 6.1.x (up to 6.1.3), and 6.2.x (up to 6.2.1). A buffer overflow in the HTTP traffic authentication path (via TACACS+ or RADIUS) allows remote attackers to cause a denial of service. ...
CVE-2003-1109
CVE-2003-1109 affects Cisco SIP implementations in IP Phone models 7940/7960, IOS 12.2 train, and Secure PIX 5.2.9–6.2.2. Crafted INVITE messages can cause denial of service and may allow arbitrary code execution, as demonstrated by the OUSPG PROTOS c07-sip test suite. Connected sources (Cisco ad...
CVE-2000-1027
The CVE-2000-1027 entry describes a vulnerability in Cisco Secure PIX Firewall 5.2(2) where an attacker can determine the real IP address of a target FTP server by flooding it with PASV requests. The PASV response reveals the actual IP, enabling partial confidentiality impact. The provided data n...
CVE-2002-2139
Cisco PIX Firewall versions affected include 6.0.3 and earlier, and 6.1.x up to 6.1.3. The vulnerability arises because duplicate ISAKMP Security Associations (SAs) for a VPN session are not deleted, enabling a local attacker to hijack a session via a man-in-the-middle attack. The CVE entry from ...