Cisco Adaptive Security Appliance vulnerabilities

CVE-2023-20107 [HIGH] CWE-332 CVE-2023-20107: A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic co

CVE-2022-20795 [MEDIUM] CWE-345 CVE-2022-20795: A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability is due to suboptimal proces

CVE-2021-1573 [HIGH] CWE-121 CVE-2021-1573: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit t

CVE-2021-34793 [HIGH] CWE-924 CVE-2021-34793: A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepo A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certai

CVE-2021-40117 [HIGH] CWE-119 CVE-2021-40117: A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An at

CVE-2021-40118 [HIGH] CWE-121 CVE-2021-40118: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software an A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit

CVE-2021-34791 [MEDIUM] CWE-358 CVE-2021-34791: Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For mo

CVE-2021-34790 [MEDIUM] CWE-358 CVE-2021-34790: Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For mo

CVE-2021-34787 [MEDIUM] CWE-183 CVE-2021-34787: A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Secu A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices conf

CVE-2020-3304 [HIGH] CWE-400 CVE-2020-3304: A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepow A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP re

CVE-2020-3529 [HIGH] CWE-400 CVE-2020-3529: A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Softw A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (

CVE-2020-3572 [HIGH] CWE-400 CVE-2020-3572: A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software a A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific s

CVE-2020-3555 [MEDIUM] CWE-404 CVE-2020-3555: A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software an A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash

CVE-2020-3436 [HIGH] CWE-434 CVE-2020-3436: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco F A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affecte

CVE-2020-3554 [HIGH] CWE-400 CVE-2020-3554: A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vu

CVE-2020-3528 [HIGH] CWE-400 CVE-2020-3528: A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance ( A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validatio

CVE-2020-3564 [MEDIUM] CWE-284 CVE-2020-3564: A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafte

CVE-2020-3561 [MEDIUM] CWE-93 CVE-2020-3561: A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Softwa A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could expl

CVE-2020-3599 [MEDIUM] CWE-79 CVE-2020-3599: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Sof A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An

CVE-2019-15992 [HIGH] CWE-119 CVE-2019-15992: A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security A A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is d