Cisco Adaptive Security Appliance Software vulnerabilities
306 known vulnerabilities affecting cisco/adaptive_security_appliance_software.
Total CVEs: 306
CISA KEV: 12 (actively exploited)
Public exploits: 13
Exploited in wild: 11
Severity breakdown: CRITICAL 15, HIGH 177, MEDIUM 113, LOW 1
Vulnerabilities
CVE-2007-2461 | HIGH | CVSS 7.8 | v7.2.2 | 2007-05-02
The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multip
nvd
CVE-2006-3906 | MEDIUM | CVSS 5.0 | v7.0, v7.0(4) +4 more | 2006-07-27
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protoc
nvd
CVE-2006-0515 | HIGH | CVSS 7.5 | PoC | v7.0, v7.0(4) +2 more | 2006-05-09
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspe
nvd
CVE-2005-4499 | HIGH | CVSS 7.5 | v7.0, v7.0(4) +2 more | 2005-12-22
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS s
nvd
CVE-2005-3788 | MEDIUM | CVSS 5.4 | v7.0(0), v7.0(2) +1 more | 2005-11-24
Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby
nvd
CVE-2005-3669 | MEDIUM | CVSS 5.0 | v7.0 | 2005-11-18
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear whic
nvd