Cisco Adaptive Security Appliance Software vulnerabilities

CVE-2013-5542 [HIGH] CWE-399 CVE-2013-5542: Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 befor Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398.

CVE-2013-5511 [CRITICAL] CWE-287 CVE-2013-5511: The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authen

CVE-2013-5509 [CRITICAL] CWE-264 CVE-2013-5509: The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9 The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468.

CVE-2013-5513 [HIGH] CWE-119 CVE-2013-5513: Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4 Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(7), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.3), and 9.1.x before 9.1(1.8), when the DNS ALPI engine is enabled for TCP, allows remote attackers to cause a denial of service (device reload) vi

CVE-2013-3415 [HIGH] CWE-119 CVE-2013-3415: Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug

CVE-2013-5512 [HIGH] CWE-362 CVE-2013-5512: Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-serve

CVE-2013-5507 [HIGH] CWE-310 CVE-2013-5507: The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), wh The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during decryption, aka Bug ID CSCue18975.

CVE-2013-5508 [HIGH] CWE-20 CVE-2013-5508: The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.1 The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27)

CVE-2013-5515 [HIGH] CWE-119 CVE-2013-5515: The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5. The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709.

CVE-2013-5510 [MEDIUM] CWE-287 CVE-2013-5510: The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which

CVE-2013-1150 [HIGH] CWE-287 CVE-2013-1150: The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with sof The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a d

CVE-2013-1151 [HIGH] CWE-20 CVE-2013-1151: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0( Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3) allow remote attackers to cause a denial of service (device reload) via a crafted certificate, aka Bug ID CSCu

CVE-2013-1149 [HIGH] CVE-2013-1149: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0( Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attacker

CVE-2013-1152 [HIGH] CVE-2013-1152: Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote atta Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.

CVE-2013-1138 [MEDIUM] CWE-119 CVE-2013-1138: The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

CVE-2012-6395 [MEDIUM] CWE-20 CVE-2012-6395: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecif Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.

CVE-2012-5717 [MEDIUM] CWE-264 CVE-2012-5717: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly ma Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.

CVE-2012-5419 [HIGH] CWE-399 CVE-2012-5419: Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Fir Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741.

CVE-2012-4661 [CRITICAL] CWE-119 CVE-2012-4661: Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (A Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 befo

CVE-2012-4659 [HIGH] CWE-287 CVE-2012-4659: The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote attackers to cause a denial of service (device reload) via a crafted authentication