Filtered by vendor Cisco
Subscriptions
Filtered by product Asa 5512-x Firmware
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15256 | 1 Cisco | 24 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 21 more | 2024-11-19 | 8.6 High |
| A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device. | ||||
| CVE-2011-2054 | 1 Cisco | 24 Asa 5500, Asa 5500 Firmware, Asa 5510 and 21 more | 2024-11-15 | 4.3 Medium |
| A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. | ||||
| CVE-2020-3186 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2024-11-15 | 5.3 Medium |
| A vulnerability in the management access list configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured management interface access list on an affected system. The vulnerability is due to the configuration of different management access lists, with ports allowed in one access list and denied in another. An attacker could exploit this vulnerability by sending crafted remote management traffic to the local IP address of an affected system. A successful exploit could allow the attacker to bypass the configured management access list policies, and traffic to the management interface would not be properly denied. | ||||
| CVE-2020-3179 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2024-11-15 | 7.5 High |
| A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling error when GRE over IPv6 traffic is processed. An attacker could exploit this vulnerability by sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload through an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. | ||||
| CVE-2020-3125 | 1 Cisco | 25 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 22 more | 2024-11-15 | 9.8 Critical |
| A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access. The vulnerability is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploit this vulnerability by spoofing the KDC server response to the ASA device. This malicious response would not have been authenticated by the KDC. A successful attack could allow an attacker to bypass Kerberos authentication. | ||||
| CVE-2020-3187 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2024-11-15 | 9.1 Critical |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system. | ||||
| CVE-2020-3188 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2024-11-15 | 5.3 Medium |
| A vulnerability in how Cisco Firepower Threat Defense (FTD) Software handles session timeouts for management connections could allow an unauthenticated, remote attacker to cause a buildup of remote management connections to an affected device, which could result in a denial of service (DoS) condition. The vulnerability exists because the default session timeout period for specific to-the-box remote management connections is too long. An attacker could exploit this vulnerability by sending a large and sustained number of crafted remote management connections to an affected device, resulting in a buildup of those connections over time. A successful exploit could allow the attacker to cause the remote management interface or Cisco Firepower Device Manager (FDM) to stop responding and cause other management functions to go offline, resulting in a DoS condition. The user traffic that is flowing through the device would not be affected, and the DoS condition would be isolated to remote management only. | ||||
| CVE-2020-3189 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2024-11-15 | 8.6 High |
| A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default. | ||||
| CVE-2020-3191 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2024-11-15 | 8.6 High |
| A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper length validation of a field in an IPv6 DNS packet. An attacker could exploit this vulnerability by sending a crafted DNS query over IPv6, which traverses the affected device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to DNS over IPv6 traffic only. | ||||
| CVE-2020-3195 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2024-11-15 | 7.5 High |
| A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition. | ||||
| CVE-2020-3196 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2024-11-15 | 8.6 High |
| A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device. | ||||
| CVE-2020-3254 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2024-11-15 | 7.5 High |
| Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to inefficient memory management. An attacker could exploit these vulnerabilities by sending crafted MGCP packets through an affected device. An exploit could allow the attacker to cause memory exhaustion resulting in a restart of an affected device, causing a DoS condition for traffic traversing the device. | ||||
| CVE-2020-3255 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2024-11-15 | 7.5 High |
| A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a high rate of IPv4 or IPv6 traffic through an affected device. This traffic would need to match a configured block action in an access control policy. An exploit could allow the attacker to cause a memory exhaustion condition on the affected device, which would result in a DoS for traffic transiting the device, as well as sluggish performance of the management interface. Once the flood is stopped, performance should return to previous states. | ||||
| CVE-2020-3283 | 1 Cisco | 29 Asa 5505, Asa 5505 Firmware, Asa 5510 and 26 more | 2024-11-15 | 8.6 High |
| A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload. | ||||
| CVE-2021-40125 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2024-11-07 | 5.3 Medium |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device. | ||||
| CVE-2021-34783 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2024-11-07 | 8.6 High |
| A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability. | ||||
| CVE-2021-34787 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2024-11-07 | 5.3 Medium |
| A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts. | ||||
| CVE-2021-34792 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2024-11-07 | 8.6 High |
| A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | ||||
| CVE-2021-34793 | 1 Cisco | 19 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 16 more | 2024-11-07 | 8.6 High |
| A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption. | ||||
| CVE-2021-34794 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2024-11-07 | 5.3 Medium |
| A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query. | ||||