Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Adaptive_security_appliance_software
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 311 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-12-18 | CVE-2014-8012 | Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. | Adaptive_security_appliance_software | N/A | ||
| 2014-12-20 | CVE-2014-3410 | The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860. | Adaptive_security_appliance_software | N/A | ||
| 2015-01-14 | CVE-2015-0578 | Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455. | Adaptive_security_appliance_software | N/A | ||
| 2015-02-12 | CVE-2015-0619 | Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458. | Adaptive_security_appliance_software | N/A | ||
| 2015-06-17 | CVE-2015-4550 | The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218. | Adaptive_security_appliance_software | N/A | ||
| 2015-07-03 | CVE-2015-4239 | Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220. | Adaptive_security_appliance_software | N/A | ||
| 2015-07-08 | CVE-2015-4241 | Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679. | Adaptive_security_appliance_software | N/A | ||
| 2015-07-18 | CVE-2015-4458 | The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976. | Adaptive_security_appliance_software | N/A | ||
| 2015-08-20 | CVE-2015-4321 | The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724. | Adaptive_security_appliance_software | N/A | ||
| 2016-01-15 | CVE-2015-6423 | The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. | Adaptive_security_appliance_software | 4.3 |