Adaptive_security_appliance_software - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Adaptive_security_appliance_software
(Cisco)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	310

Date	Id	Summary	Products	Score	Patch	Annotated
2018-11-01	CVE-2018-15454	A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically...	Adaptive_security_appliance_software, Firepower_threat_defense	8.6
2018-12-24	CVE-2018-15465	A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An...	Adaptive_security_appliance_software	8.1
2019-05-03	CVE-2018-15388	A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to...	Adaptive_security_appliance_software, Firepower_threat_defense	8.6
2019-05-03	CVE-2019-1687	A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by...	Adaptive_security_appliance_software, Firepower_threat_defense	7.5
2019-05-03	CVE-2019-1693	A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A...	Adaptive_security_appliance_software, Firepower_threat_defense	6.5
2019-05-03	CVE-2019-1695	A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful...	Adaptive_security_appliance_software, Firepower_threat_defense	6.5
2019-05-03	CVE-2019-1697	A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted...	Adaptive_security_appliance_software, Firepower_threat_defense	7.5
2019-05-03	CVE-2019-1701	Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the...	Adaptive_security_appliance_software, Firepower_threat_defense	4.8
2019-05-03	CVE-2019-1705	A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition.	Adaptive_security_appliance_software	5.9
2019-05-03	CVE-2019-1706	A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by...	Adaptive_security_appliance_software	8.6