Cisco Adaptive Security Appliance Software vulnerabilities
315 known vulnerabilities affecting cisco/adaptive_security_appliance_software.
Total CVEs: 315
CISA KEV: 12 (actively exploited)
Public exploits: 13
Exploited in wild: 11
Severity breakdown: CRITICAL 15, HIGH 179, MEDIUM 120, LOW 1
Vulnerabilities
Page 10 of 16
CVE-2016-1295 | MEDIUM | CVSS 5.3 | CWE-200 | v8.4.0, v8.4.1, +24 more | 2016-01-16
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
nvd
CVE-2015-6423 | MEDIUM | CVSS 4.3 | CWE-264 | v9.4.1, v9.4.1.1, +5 more | 2016-01-15
The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.
nvd
CVE-2015-6379 | MEDIUM | CVSS 6.8 | CWE-399 | v8.4.0 | 2015-11-25
The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223.
nvd
CVE-2015-6326 | HIGH | CVSS 7.8 | CWE-399 | v7.2.1, v7.2.1.9, +179 more | 2015-10-25
Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug
nvd
CVE-2015-6327 | HIGH | CVSS 7.8 | CWE-399 | v7.2.1, v7.2.1.9, +172 more | 2015-10-25
The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets,
nvd
CVE-2015-6325 | HIGH | CVSS 7.1 | CWE-399 | v7.2.1, v7.2.1.9, +173 more | 2015-10-25
Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.2(4), 9.3 before 9.3(3.1), and 9.4 before 9.4(1.1) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug
nvd
CVE-2015-6324 | HIGH | CVSS 7.1 | CWE-399 | v9.0.1, v9.0.2, +47 more | 2015-10-25
The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs CSCus56252 and CSCus57142.
nvd
CVE-2015-4321 | MEDIUM | CVSS 5.0 | CWE-20 | v9.3(1.50), v9.3(2.100), +2 more | 2015-08-20
The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv6
nvd
CVE-2015-4458 | MEDIUM | CVSS 4.3 | CWE-310 | v9.1.5.21 | 2015-07-18
The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976.
nvd
CVE-2015-4241 | MEDIUM | CVSS 6.1 | v9.3(2) | 2015-07-08
Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote attackers to cause a denial of service (system reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCut52679.
nvd
CVE-2015-4239 | MEDIUM | CVSS 6.1 | CWE-399 | v100.13(0.21), v9.3(2.243) | 2015-07-03
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.
nvd
CVE-2015-4238 | MEDIUM | CVSS 6.8 | CWE-399 | v8.4(7), v8.6(1.2) | 2015-07-02
The SNMP implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4(7) and 8.6(1.2) allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests during a time of high network traffic, aka Bug ID CSCul02601.
nvd
CVE-2015-4550 | MEDIUM | CVSS 4.3 | CWE-310 | v9.3(3), v9.4(1.1) | 2015-06-17
The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.
nvd
CVE-2015-0760 | MEDIUM | CVSS 4.0 | CWE-20 | ≥ 7.0, < 8.2.2.13 | 2015-06-04
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.
nvd
CVE-2015-0742 | MEDIUM | CVSS 5.0 | CWE-399 | v9.2(3.4), v9.4(0.115), +9 more | 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial o
nvd
CVE-2015-0677 | HIGH | CVSS 7.8 | CWE-20 | v8.4.1, v8.4.1.3, +68 more | 2015-04-13
The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload)
nvd
CVE-2015-0675 | HIGH | CVSS 8.3 | CWE-284 | v9.1.1, v9.1.1.4, +21 more | 2015-04-13
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the
nvd
CVE-2015-0676 | HIGH | CVSS 7.1 | CWE-20 | v7.0.1, v7.0.1.4, +239 more | 2015-04-13
The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cau
nvd
CVE-2014-8023 | MEDIUM | CVSS 4.0 | CWE-264 | ≤ 9.2.3 | 2015-02-17
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533.
nvd
CVE-2013-5557 | MEDIUM | CVSS 6.3 | ≤ 9.1(2) | 2015-02-07
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577.
nvd