Cisco Adaptive Security Appliance Software vulnerabilities

CVE-2013-5510 [MEDIUM] CWE-287 CVE-2013-5510: The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which

CVE-2013-1150 [HIGH] CWE-287 CVE-2013-1150: The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with sof The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a d

CVE-2013-1151 [HIGH] CWE-20 CVE-2013-1151: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0( Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3) allow remote attackers to cause a denial of service (device reload) via a crafted certificate, aka Bug ID CSCu

CVE-2013-1149 [HIGH] CVE-2013-1149: Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0( Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attacker

CVE-2013-1152 [HIGH] CVE-2013-1152: Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote atta Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.

CVE-2013-1138 [MEDIUM] CWE-119 CVE-2013-1138: The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID CSCue46386.

CVE-2012-6395 [MEDIUM] CWE-20 CVE-2012-6395: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecif Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.

CVE-2012-5717 [MEDIUM] CWE-264 CVE-2012-5717: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly ma Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.

CVE-2012-5419 [HIGH] CWE-399 CVE-2012-5419: Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Fir Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741.

CVE-2012-4661 [CRITICAL] CWE-119 CVE-2012-4661: Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (A Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 befo

CVE-2012-4659 [HIGH] CWE-287 CVE-2012-4659: The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.30) and 8.3 before 8.3(2.34) allows remote attackers to cause a denial of service (device reload) via a crafted authentication

CVE-2012-4663 [HIGH] CWE-119 CVE-2012-4663: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and th The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 760

CVE-2012-4662 [HIGH] CWE-119 CVE-2012-4662: The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and th The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.13) and the Firewall Services Module (FWSM) 4.1 before 4.1(7) in Cisco Catalyst 6500 series switches and 760

CVE-2012-4643 [HIGH] CWE-399 CVE-2012-4643: The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Service The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 before 7.2(5.8), 7.2 before 7.2(5.8), 8.0 before 8.0(5.28), 8.1 before 8.1(2.56), 8.2 before 8.2(5.27), 8.3 before 8.3(2.31), 8.4 before 8.4(3.10), 8.5 before 8

CVE-2012-4660 [HIGH] CWE-119 CVE-2012-4660: The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the A The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before 8.2(5.17), 8.3 before 8.3(2.28), 8.4 before 8.4(2.13), 8.5 before 8.5(1.4), and 8.6 before 8.6(1.5) allows remote attackers to cause a denial of service (device rel

CVE-2012-2472 [HIGH] CWE-399 CVE-2012-2472: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP ins Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143.

CVE-2012-2474 [MEDIUM] CWE-200 CVE-2012-2474: Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 throug Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278.

CVE-2012-3058 [HIGH] CVE-2012-3058: Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCu

CVE-2012-0378 [HIGH] CWE-189 CVE-2012-0378: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow rem Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854.

CVE-2011-4006 [HIGH] CWE-20 CVE-2011-4006: The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with so The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565.