Cisco Adaptive Security Appliance Software vulnerabilities

306 known vulnerabilities affecting cisco/adaptive_security_appliance_software.

Total CVEs: 306
CISA KEV: 12 (actively exploited)
Public exploits: 12
Exploited in wild: 11
Severity breakdown: CRITICAL 15, HIGH 177, MEDIUM 113, LOW 1

Vulnerabilities

Page 7 of 16
CVE-2018-15388 | HIGH | CVSS 8.6 | fixed in 9.4.4.34; ≥ 9.5, < 9.6.4.25; +2 more | 2019-05-03
CVE-2018-15388 [HIGH] CWE-400: A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacke
nvd
CVE-2019-1694 | HIGH | CVSS 8.6 | fixed in 9.4.4.34; ≥ 9.5, < 9.6.4.25; +3 more | 2019-05-03
CVE-2019-1694 [HIGH] CWE-20: A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An att
nvd
CVE-2019-1708 | HIGH | CVSS 8.6 | ≥ 9.8, ≤ 9.8.4; ≥ 9.9, ≤ 9.9.2.50; +1 more | 2019-05-03
CVE-2019-1708 [HIGH] CWE-404: A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (Do
nvd
CVE-2019-1697 | HIGH | CVSS 7.5 | fixed in 9.6.4.25; ≥ 9.7, < 9.8.4; +2 more | 2019-05-03
CVE-2019-1697 [HIGH] CWE-20: A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are d
nvd
CVE-2019-1713 | HIGH | CVSS 8.8 | fixed in 9.4.4.34; ≥ 9.5, < 9.6.4.25; +3 more | 2019-05-03
CVE-2019-1713 [HIGH] CWE-352: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An a
nvd
CVE-2019-1714 | HIGH | CVSS 8.6 | ≥ 9.7, < 9.8.4; ≥ 9.9, < 9.9.2.50; +1 more | 2019-05-03
CVE-2019-1714 [HIGH] CWE-255: A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN
nvd
CVE-2019-1695 | MEDIUM | CVSS 6.5 | fixed in 9.8.4; ≥ 9.9, < 9.9.2.50; +1 more | 2019-05-03
CVE-2019-1695 [MEDIUM] CWE-284: A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected d
nvd
CVE-2019-1693 | MEDIUM | CVSS 6.5 | fixed in 9.4.4.34; ≥ 9.5, < 9.6.4.25; +3 more | 2019-05-03
CVE-2019-1693 [MEDIUM] CWE-399: A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An a
nvd
CVE-2019-1705 | MEDIUM | CVSS 5.9 | ≥ 9.4, < 9.4.4.34; ≥ 9.5, < 9.6.4.25; +3 more | 2019-05-03
CVE-2019-1705 [MEDIUM] CWE-404: A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulner
nvd
CVE-2019-1701 | MEDIUM | CVSS 4.8 | fixed in 9.4.4.34; ≥ 9.5, < 9.6.4.25; +3 more | 2019-05-03
CVE-2019-1701 [MEDIUM] CWE-79: Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insuff
nvd
CVE-2018-15465 | HIGH | CVSS 8.1 | fixed in 9.4.4.29; ≥ 9.5, < 9.6.4.20; +3 more | 2018-12-24
CVE-2018-15465 [HIGH] CWE-285: A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interfa
nvd
CVE-2018-15454 | HIGH | CVSS 8.6 | Exploited | ≥ 9.4, < 9.4.4.27; ≥ 9.6, < 9.6.4.18; +3 more | 2018-11-01
CVE-2018-15454 [HIGH] CWE-20: A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is
nvd
CVE-2018-15383 | HIGH | CVSS 7.5 | v9.3; v9.4; +7 more | 2018-10-05
CVE-2018-15383 [HIGH] CWE-400: A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the af
nvd
CVE-2018-15397 | MEDIUM | CVSS 6.8 | v9.6.4; v9.8.2; +2 more | 2018-10-05
CVE-2018-15397 [MEDIUM] CWE-320: A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) conditio
nvd
CVE-2018-15398 | MEDIUM | CVSS 4.0 | v9.6(4.3); v9.4(2); +1 more | 2018-10-05
CVE-2018-15398 [MEDIUM] CWE-284: A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur wh
nvd
CVE-2018-15399 | MEDIUM | CVSS 6.8 | v9.4(4); v9.8(2) | 2018-10-05
CVE-2018-15399 [MEDIUM] CWE-400: A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check i
nvd
CVE-2018-0296 | HIGH | CVSS 7.5 | KEV | PoC | ≥ 9.1, < 9.1.7.29; ≥ 9.2, < 9.2.4.33; +5 more | 2018-06-07
CVE-2018-0296 [HIGH] CWE-20: A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system
nvd
CVE-2018-0230 | HIGH | CVSS 8.6 | v9.8(2) | 2018-04-19
CVE-2018-0230 [HIGH] CWE-400: A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to the affe
nvd
CVE-2018-0231 | HIGH | CVSS 8.6 | v9.8(1); v98.1(1.154) | 2018-04-19
CVE-2018-0231 [HIGH] CWE-20: A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validatio
nvd
CVE-2018-0228 | HIGH | CVSS 8.6 | ≥ 9.1, < 9.1.7.20; ≥ 9.3, < 9.4.4.13; +6 more | 2018-04-19
CVE-2018-0228 [HIGH] CWE-20: A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal software lock that
nvd