Cisco Adaptive Security Appliance Software vulnerabilities
315 known vulnerabilities affecting cisco/adaptive_security_appliance_software.
Total CVEs: 315
CISA KEV: 12 (actively exploited)
Public exploits: 13
Exploited in wild: 11
Severity breakdown
CRITICAL: 15 | HIGH: 179 | MEDIUM: 120 | LOW: 1
Vulnerabilities
Page 16 of 16
CVE-2008-2059 | HIGH | CVSS 7.8 | CWE-264 | v8.0 | 2008-06-04
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors.
nvd
CVE-2008-2057 | MEDIUM | CVSS 5.4 | v7.2.2 | v8.0 | 2008-06-04
The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet.
nvd
CVE-2008-0028 | HIGH | CVSS 7.1 | fixed in 7.2(3)6 | v8.0(3) | 2008-01-23
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.
nvd
CVE-2007-5568 | HIGH | CVSS 7.1 | CWE-20 | v7.0 | v7.0(4) | +22 more | 2007-10-18
Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM).
nvd
CVE-2007-5569 | HIGH | CVSS 7.1 | CWE-20 | v7.1 | 2007-10-18
Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.
nvd
CVE-2007-4786 | MEDIUM | CVSS 5.3 | CWE-319 | ≥ 7.0, < 7.0.7.1 | ≥ 7.1, < 7.1.2.61 | +2 more | 2007-09-10
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which al
nvd
CVE-2007-2462 | CRITICAL | CVSS 10.0 | ≤ 7.2.2 | v7.1 | 2007-05-02
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.
nvd
CVE-2007-2464 | HIGH | CVSS 7.1 | ≤ 7.2.2 | v7.1 | 2007-05-02
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."
nvd
CVE-2007-2463 | HIGH | CVSS 7.8 | ≤ 7.2.2 | v7.1 | 2007-05-02
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.
nvd
CVE-2007-2461 | HIGH | CVSS 7.8 | v7.2.2 | 2007-05-02
The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multip
nvd
CVE-2006-3906 | MEDIUM | CVSS 5.0 | v7.0 | v7.0(4) | +4 more | 2006-07-27
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protoc
nvd
CVE-2006-0515 | HIGH | CVSS 7.5 | PoC | v7.0 | v7.0(4) | +2 more | 2006-05-09
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspe
nvd
CVE-2005-4499 | HIGH | CVSS 7.5 | v7.0 | v7.0(4) | +2 more | 2005-12-22
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS s
nvd
CVE-2005-3788 | MEDIUM | CVSS 5.4 | v7.0(0) | v7.0(2) | +1 more | 2005-11-24
Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby
nvd
CVE-2005-3669 | MEDIUM | CVSS 5.0 | v7.0 | 2005-11-18
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear whic
nvd