Cisco Adaptive Security Appliance Software vulnerabilities

306 known vulnerabilities affecting cisco/adaptive_security_appliance_software.

Total CVEs: 306
CISA KEV: 12 (actively exploited)
Public exploits: 12
Exploited in wild: 11
Severity breakdown: CRITICAL 15, HIGH 177, MEDIUM 113, LOW 1

Vulnerabilities

Page 9 of 16
CVE-2016-6432 | HIGH | CVSS 8.1 | v8.4.0, v8.4.2, +128 more | 2016-10-27
CVE-2016-6432 [HIGH] CWE-119: A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS pac
nvd
CVE-2016-6431 | HIGH | CVSS 7.5 | v8.0.2.11, v8.0.2.15, +204 more | 2016-10-27
CVE-2016-6431 [HIGH] CWE-20: A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted
nvd
CVE-2016-6424 | MEDIUM | CVSS 6.5 | v8.4.7.29, v9.1(7)4 | 2016-10-06
CVE-2016-6424 [MEDIUM] CWE-399: The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942.
nvd
CVE-2016-6366 | HIGH | CVSS 8.8 | KEV | PoC | ≥ 7.2.1, < 9.0.4.40; ≥ 9.1.1, < 9.1.7(9); +5 more | 2016-08-18
CVE-2016-6366 [HIGH] CWE-120: Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
nvd
CVE-2016-6367 | HIGH | CVSS 7.8 | KEV | PoC | ≥ 7.2.0, < 8.4(3); ≥ 8.5, < 9.0(1) | 2016-08-18
CVE-2016-6367 [HIGH] CWE-77: Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
nvd
CVE-2016-1445 | MEDIUM | CVSS 5.3 | ≥ 8.2, < 9.4.3.3; ≥ 9.5.0, < 9.5.2.10; +1 more | 2016-07-12
CVE-2016-1445 [MEDIUM]: Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.
nvd
CVE-2016-1379 | MEDIUM | CVSS 6.5 | v9.0.1, v9.0.2, +66 more | 2016-05-28
CVE-2016-1379 [MEDIUM] CWE-399: Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576.
nvd
CVE-2016-1385 | MEDIUM | CVSS 6.5 | v8.4.0, v8.4.1, +128 more | 2016-05-26
CVE-2016-1385 [MEDIUM] CWE-119: The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209.
nvd
CVE-2015-6360 | HIGH | CVSS 7.5 | v8.1.0.104, v8.2.0.45, +159 more | 2016-04-21
CVE-2015-6360 [HIGH] CWE-119: The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
nvd
CVE-2016-1367 | HIGH | CVSS 7.5 | v9.4.1 | 2016-04-21
CVE-2016-1367 [HIGH] CWE-399: The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248.
nvd
CVE-2016-1287 | CRITICAL | CVSS 9.8 | PoC | v7.2.1, v7.2.1.9, +197 more | 2016-02-11
CVE-2016-1287 [CRITICAL] CWE-119: Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 device
nvd
CVE-2016-1295 | MEDIUM | CVSS 5.3 | v8.4.0, v8.4.1, +24 more | 2016-01-16
CVE-2016-1295 [MEDIUM] CWE-200: Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775.
nvd
CVE-2015-6423 | MEDIUM | CVSS 4.3 | v9.4.1, v9.4.1.1, +5 more | 2016-01-15
CVE-2015-6423 [MEDIUM] CWE-264: The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782.
nvd
CVE-2015-6379 | MEDIUM | CVSS 6.8 | v8.4.0 | 2015-11-25
CVE-2015-6379 [MEDIUM] CWE-399: The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223.
nvd
CVE-2015-6326 | HIGH | CVSS 7.8 | v7.2.1, v7.2.1.9, +179 more | 2015-10-25
CVE-2015-6326 [HIGH] CWE-399: Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(1.5) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug
nvd
CVE-2015-6327 | HIGH | CVSS 7.8 | v7.2.1, v7.2.1.9, +172 more | 2015-10-25
CVE-2015-6327 [HIGH] CWE-399: The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets,
nvd
CVE-2015-6325 | HIGH | CVSS 7.1 | v7.2.1, v7.2.1.9, +173 more | 2015-10-25
CVE-2015-6325 [HIGH] CWE-399: Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.2(4), 9.3 before 9.3(3.1), and 9.4 before 9.4(1.1) allows remote attackers to cause a denial of service (device reload) via a crafted DNS response, aka Bug
nvd
CVE-2015-6324 | HIGH | CVSS 7.1 | v9.0.1, v9.0.2, +47 more | 2015-10-25
CVE-2015-6324 [HIGH] CWE-399: The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug IDs CSCus56252 and CSCus57142.
nvd
CVE-2015-4321 | MEDIUM | CVSS 5.0 | v9.3(1.50), v9.3(2.100), +2 more | 2015-08-20
CVE-2015-4321 [MEDIUM] CWE-20: The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv6
nvd
CVE-2015-4458 | MEDIUM | CVSS 4.3 | v9.1.5.21 | 2015-07-18
CVE-2015-4458 [MEDIUM] CWE-310: The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976.
nvd