Cisco Adaptive Security Appliance Software vulnerabilities

306 known vulnerabilities affecting cisco/adaptive_security_appliance_software.

Total CVEs: 306
CISA KEV: 12 (actively exploited)
Public exploits: 12
Exploited in wild: 11
Severity breakdown: CRITICAL 15, HIGH 177, MEDIUM 113, LOW 1

Vulnerabilities

Page 8 of 16
CVE-2018-0240 | HIGH | CVSS 8.6 | Versions: ≥ 9.6.0.0, < 9.6.4.6; ≥ 9.7.0.0, < 9.7.1.24; +2 more | 2018-04-19
CWE-399: Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to log
nvd
CVE-2018-0227 | HIGH | CVSS 7.5 | Versions: ≥ 9.4.4, ≤ 9.4.4.13; ≥ 9.5.3.7, ≤ 9.5.3.9; +6 more | 2018-04-19
CWE-295: A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification
nvd
CVE-2018-0251 | MEDIUM | CVSS 6.1 | Versions: v9.8(2.15), v9.9(1) | 2018-04-19
CWE-79: A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insuf
nvd
CVE-2018-0242 | MEDIUM | CVSS 6.1 | Versions: v9.1(7.245), v9.6(3), +2 more | 2018-04-19
CWE-79: A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web
nvd
CVE-2018-0229 | MEDIUM | CVSS 6.5 | Versions: v9.8(1.245) | 2018-04-19
CWE-384: A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an aut
nvd
CVE-2018-0101 | CRITICAL | CVSS 10.0 | PoC | Versions: fixed in 9.1.7.23; ≥ 9.2.0, < 9.2.4.27; +5 more | 2018-01-29
CWE-415: A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled o
nvd
CVE-2017-12246 | HIGH | CVSS 8.6 | Versions: v9.4(3), v9.7(1), +1 more | 2017-10-05
CWE-399: A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header.
nvd
CVE-2017-6752 | HIGH | CVSS 7.5 | Versions: v9.3.3, v9.6.2 | 2017-08-07
CWE-200: A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol
nvd
CVE-2017-6765 | MEDIUM | CVSS 6.1 | Versions: v9.1(6.11), v9.4(1.2) | 2017-08-07
CWE-79: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. The vulnerability is due to insufficient valida
nvd
CVE-2017-6770 | MEDIUM | CVSS 4.2 | Versions: v7.0.1, v7.0.1.4, +345 more | 2017-08-07
CWE-20: Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to t
nvd
CVE-2017-6764 | MEDIUM | CVSS 5.4 | Versions: v9.5(1) | 2017-08-07
CWE-79: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the
nvd
CVE-2012-5010 | HIGH | CVSS 8.1 | Versions: ≤ 8.2(4) | 2017-06-27
CWE-254: ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Applic
nvd
CVE-2017-6607 | HIGH | CVSS 8.7 | Versions: v9.0.1, v9.0.2, +107 more | 2017-04-20
CWE-399: A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS requ
nvd
CVE-2017-6608 | HIGH | CVSS 8.6 | Versions: v9.0.1, v9.0.2, +69 more | 2017-04-20
CWE-399: A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to t
nvd
CVE-2017-6609 | HIGH | CVSS 7.7 | Versions: v9.0.1, v9.0.2, +104 more | 2017-04-20
CWE-399: A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the
nvd
CVE-2017-6610 | HIGH | CVSS 7.7 | Versions: v9.0.1, v9.0.2, +95 more | 2017-04-20
CWE-399: A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sendin
nvd
CVE-2017-3793 | MEDIUM | CVSS 4.0 | Versions: v8.0.1.2, v8.0.2, +251 more | 2017-04-20
CWE-399: A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condi
nvd
CVE-2017-3867 | MEDIUM | CVSS 5.3 | Versions: v6.3.1, v9.6.2, +7 more | 2017-03-17
CWE-287: A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known F
nvd
CVE-2017-3807 | HIGH | CVSS 8.8 | PoC | Versions: v7.0.1, v7.0.1.4, +322 more | 2017-02-09
CWE-119: A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a craf
nvd
CVE-2016-6461 | MEDIUM | CVSS 5.9 | Versions: v9.1(7)4, v9.1(7)7, +61 more | 2016-11-19
CWE-20: A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1
nvd