Pix Firewall Software Security Vulnerabilities and Issues — Pix Firewall Software CVE List

Lucene search

CiscoPix Firewall Software

12 matches found

CVE•added 2013/08/05 1:22 p.m.•190 views

CVE-2013-0149

The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, ...

5.8CVSS6.2AI score0.00937EPSS

CVE•added 1999/09/29 4:0 a.m.•89 views

CVE-1999-0158

Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.

5CVSS6.7AI score0.00502EPSS

CVE•added 2004/11/23 5:0 a.m.•87 views

CVE-2004-0081

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

5CVSS7.2AI score0.02271EPSS

CVE•added 2004/11/23 5:0 a.m.•87 views

CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-b...

5CVSS7.2AI score0.00942EPSS

CVE•added 2003/12/01 5:0 a.m.•65 views

CVE-2003-0851

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.

5CVSS7.2AI score0.07195EPSS

CVE•added 2006/07/27 10:4 p.m.•51 views

CVE-2006-3906

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued tha...

5CVSS6.6AI score0.02852EPSS

CVE•added 2006/08/17 1:4 a.m.•49 views

CVE-2006-4194

Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working w...

5CVSS6.8AI score0.00871EPSS

CVE•added 2005/11/18 9:3 p.m.•48 views

CVE-2005-3669

Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to...

5CVSS6.9AI score0.09461EPSS

CVE•added 1999/09/29 4:0 a.m.•47 views

CVE-1999-0157

Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.

5CVSS7.3AI score0.00504EPSS

CVE•added 2004/01/05 5:0 a.m.•46 views

CVE-2003-1004

Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.

5CVSS6.7AI score0.00655EPSS

CVE•added 2005/11/16 9:17 p.m.•41 views

CVE-2002-2140

Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS.

5CVSS7.5AI score0.01122EPSS

CVE•added 2001/01/22 5:0 a.m.•36 views

CVE-2000-1027

Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.

5CVSS7AI score0.05816EPSS