cbcvebase.

Cisco Adaptive Security Appliance Software vulnerabilities

315 known vulnerabilities affecting cisco/adaptive_security_appliance_software.

Total CVEs: 315
CISA KEV: 12 actively exploited
Public exploits: 13
Exploited in wild: 11
Severity breakdown: CRITICAL 15, HIGH 179, MEDIUM 120, LOW 1

Vulnerabilities

Page 8 of 16
CVE-2018-15454 | HIGH | CVSS 8.6 | Exploited | ≥ 9.4, < 9.4.4.27; ≥ 9.6, < 9.6.4.18; +3 more | 2018-11-01
CVE-2018-15454 [HIGH] CWE-20: A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is
nvd
CVE-2018-15383 | HIGH | CVSS 7.5 | v9.3, v9.4, +7 more | 2018-10-05
CVE-2018-15383 [HIGH] CWE-400: A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the af
nvd
CVE-2018-15397 | MEDIUM | CVSS 6.8 | v9.6.4, v9.8.2, +2 more | 2018-10-05
CVE-2018-15397 [MEDIUM] CWE-320: A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) conditio
nvd
CVE-2018-15398 | MEDIUM | CVSS 4.0 | v9.6(4.3), v9.4(2), +1 more | 2018-10-05
CVE-2018-15398 [MEDIUM] CWE-284: A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur wh
nvd
CVE-2018-15399 | MEDIUM | CVSS 6.8 | v9.4(4), v9.8(2) | 2018-10-05
CVE-2018-15399 [MEDIUM] CWE-400: A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check i
nvd
CVE-2018-0296 | HIGH | CVSS 7.5 | KEV | PoC | ≥ 9.1, < 9.1.7.29; ≥ 9.2, < 9.2.4.33; +5 more | 2018-06-07
CVE-2018-0296 [HIGH] CWE-20: A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system
nvd
CVE-2018-0230 | HIGH | CVSS 8.6 | v9.8(2) | 2018-04-19
CVE-2018-0230 [HIGH] CWE-400: A vulnerability in the internal packet-processing functionality of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to the affe
nvd
CVE-2018-0231 | HIGH | CVSS 8.6 | v9.8(1), v98.1(1.154) | 2018-04-19
CVE-2018-0231 [HIGH] CWE-20: A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validatio
nvd
CVE-2018-0228 | HIGH | CVSS 8.6 | ≥ 9.1, < 9.1.7.20; ≥ 9.3, < 9.4.4.13; +6 more | 2018-04-19
CVE-2018-0228 [HIGH] CWE-20: A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect handling of an internal software lock that
nvd
CVE-2018-0240 | HIGH | CVSS 8.6 | ≥ 9.6.0.0, < 9.6.4.6; ≥ 9.7.0.0, < 9.7.1.24; +2 more | 2018-04-19
CVE-2018-0240 [HIGH] CWE-399: Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to log
nvd
CVE-2018-0227 | HIGH | CVSS 7.5 | ≥ 9.4.4, ≤ 9.4.4.13; ≥ 9.5.3.7, ≤ 9.5.3.9; +6 more | 2018-04-19
CVE-2018-0227 [HIGH] CWE-295: A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification
nvd
CVE-2018-0251 | MEDIUM | CVSS 6.1 | v9.8(2.15), v9.9(1) | 2018-04-19
CVE-2018-0251 [MEDIUM] CWE-79: A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insuf
nvd
CVE-2018-0242 | MEDIUM | CVSS 6.1 | v9.1(7.245), v9.6(3), +2 more | 2018-04-19
CVE-2018-0242 [MEDIUM] CWE-79: A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web
nvd
CVE-2018-0229 | MEDIUM | CVSS 6.5 | v9.8(1.245) | 2018-04-19
CVE-2018-0229 [MEDIUM] CWE-384: A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an aut
nvd
CVE-2018-0101 | CRITICAL | CVSS 10.0 | PoC | fixed in 9.1.7.23; ≥ 9.2.0, < 9.2.4.27; +5 more | 2018-01-29
CVE-2018-0101 [CRITICAL] CWE-415: A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled o
nvd
CVE-2017-12246 | HIGH | CVSS 8.6 | v9.4(3), v9.7(1), +1 more | 2017-10-05
CVE-2017-12246 [HIGH] CWE-399: A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header.
nvd
CVE-2017-6752 | HIGH | CVSS 7.5 | v9.3.3, v9.6.2 | 2017-08-07
CVE-2017-6752 [HIGH] CWE-200: A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol
nvd
CVE-2017-6765 | MEDIUM | CVSS 6.1 | v9.1(6.11), v9.4(1.2) | 2017-08-07
CVE-2017-6765 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. The vulnerability is due to insufficient valida
nvd
CVE-2017-6770 | MEDIUM | CVSS 4.2 | v7.0.1, v7.0.1.4, +345 more | 2017-08-07
CVE-2017-6770 [MEDIUM] CWE-20: Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to t
nvd
CVE-2017-6764 | MEDIUM | CVSS 5.4 | v9.5(1) | 2017-08-07
CVE-2017-6764 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the
nvd