CVE-2008-2055Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20Improper Input ValidationCWE-3995 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 30.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Adaptive Security Appliance SoftwareCisco PIX Security Appliance
Timeline
PublishedJun 4
Latest updateMay 1

Description

Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/pix_security_appliance7.1, 7.2, 8.0+2

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-pm7g-rjq3-4v5h: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 72022-05-01
CVEList
CVE-2008-2055: Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 72008-06-04

💥Exploits & PoCs

1
Exploit-DB
ZeroLogon - Netlogon Elevation of Privilege2020-11-18

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco PIX and Cisco ASA2008-06-04
CVE-2008-2055 — Improper Input Validation in Cisco | cvebase