Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Adaptive_security_appliance_software
(Cisco)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 310 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-10-07 | CVE-2014-3399 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208. | Adaptive_security_appliance_software | N/A | ||
2014-11-28 | CVE-2014-3407 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. | Adaptive_security_appliance_software | N/A | ||
2015-02-07 | CVE-2013-5557 | The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577. | Adaptive_security_appliance_software | N/A | ||
2015-06-04 | CVE-2015-0760 | The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. | Adaptive_security_appliance_software | N/A | ||
2015-04-13 | CVE-2015-0675 | The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | Adaptive_security_appliance_software | N/A | ||
2013-12-07 | CVE-2013-6707 | Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233. | Adaptive_security_appliance_software | N/A | ||
2019-08-07 | CVE-2019-1944 | Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. | Adaptive_security_appliance_software | 7.3 | ||
2019-08-07 | CVE-2019-1945 | Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. | Adaptive_security_appliance_software | 7.8 | ||
2015-02-17 | CVE-2014-8023 | Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. | Adaptive_security_appliance_software | N/A | ||
2011-02-25 | CVE-2011-0379 | Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761. | 5500_series_adaptive_security_appliance, Adaptive_security_appliance_software, Asa_5500, Telepresence_manager, Telepresence_multipoint_switch, Telepresence_multipoint_switch_software, Telepresence_system_1000, Telepresence_system_1100, Telepresence_system_1300_series, Telepresence_system_3000, Telepresence_system_3200_series, Telepresence_system_500_series, Telepresence_system_software | N/A |