Product:

Pix_firewall

(Cisco)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 14
Date Id Summary Products Score Patch Annotated
2005-11-18 CVE-2005-3669 Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Adaptive_security_appliance_software, Firewall_services_module, Ios, Mds_9000, Mds_9000_san\-Os, Pix_firewall, Pix_firewall_software, Vpn_3000_concentrator_series_software N/A
2005-12-22 CVE-2005-4499 The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. Adaptive_security_appliance_software, Pix_asa_ids, Pix_firewall, Pix_firewall_501, Pix_firewall_506, Pix_firewall_515, Pix_firewall_515e, Pix_firewall_520, Pix_firewall_525, Pix_firewall_535, Pix_firewall_software, Secure_access_control_server, Vpn_3000_concentrator_series_software, Vpn_3001_concentrator, Vpn_3002_hardware_client, Vpn_3005_concentrator_software, Vpn_3015_concentrator, Vpn_3020_concentrator, Vpn_3030_concentator, Vpn_3060_concentrator, Vpn_3080_concentrator N/A
2006-05-09 CVE-2006-0515 Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734. Adaptive_security_appliance_software, Firewall_services_module, Pix_firewall, Pix_firewall_software N/A
2006-07-27 CVE-2006-3906 Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected. Adaptive_security_appliance_software, Ios, Pix_asa_ids, Pix_firewall, Pix_firewall_501, Pix_firewall_506, Pix_firewall_515, Pix_firewall_515e, Pix_firewall_520, Pix_firewall_525, Pix_firewall_535, Pix_firewall_software, Secure_pix_firewall, Vpn_3000_concentrator_series_software, Vpn_3001_concentrator, Vpn_3005_concentrator_software, Vpn_3015_concentrator, Vpn_3020_concentrator, Vpn_3030_concentator, Vpn_3060_concentrator, Vpn_3080_concentrator N/A
2004-11-23 CVE-2004-0081 OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. Webstar, Mac_os_x, Mac_os_x_server, Converged_communications_server, Intuity_audix, S8300, S8500, S8700, Sg200, Sg203, Sg208, Sg5, Vsu, Cacheos_ca_sa, Proxysg, Firewall\-1, Provider\-1, Vpn\-1, Access_registrar, Application_and_content_networking_software, Call_manager, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Content_services_switch_11500, Css11000_content_services_switch, Css_secure_content_accelerator, Firewall_services_module, Gss_4480_global_site_selector, Gss_4490_global_site_selector, Ios, Mds_9000, Okena_stormwatch, Pix_firewall, Pix_firewall_software, Secure_content_accelerator, Threat_response, Webns, Bsafe_ssl\-J, Freebsd, Aaa_server, Apache\-Based_web_server, Hp\-Ux, Wbem, Speed_technologies_litespeed_web_server, Instant_virtual_extranet, Edirectory, Imanager, Openbsd, Openssl, Enterprise_linux, Enterprise_linux_desktop, Linux, Openssl, Openserver, Sidewinder, Propack, Servercluster, Stonebeat_fullcluster, Stonebeat_securitycluster, Stonebeat_webcluster, Stonegate, Stonegate_vpn_client, Crypto_accelerator_4000, Clientless_vpn_gateway_4400, Tarantella_enterprise, Gsx_server N/A
2004-01-05 CVE-2003-1004 Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall. Pix_firewall, Pix_firewall_software N/A
2004-01-05 CVE-2003-1003 Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. Pix_firewall, Pix_firewall_software N/A
2003-12-01 CVE-2003-0851 OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. Css11000_content_services_switch, Ios, Pix_firewall, Pix_firewall_software, Openssl N/A
2002-10-04 CVE-2002-0954 The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques. Pix_firewall N/A
1998-07-15 CVE-1999-1582 By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality. Pix_firewall N/A