Cisco Firewall Services Module vulnerabilities

CVE-2010-0151 [HIGH] CVE-2010-0151: The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in for the Cisco Catalyst 6500 The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in for the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message.

CVE-2009-0638 [HIGH] CVE-2009-0638: The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 befor The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages.

CVE-2007-5584 [HIGH] CVE-2007-5584: Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."

CVE-2007-5568 [HIGH] CWE-20 CVE-2007-5568: Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM).

CVE-2007-5570 [HIGH] CWE-20 CVE-2007-5570: Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cau Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844.

CVE-2007-5571 [MEDIUM] CWE-264 CVE-2007-5571: Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edit Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536.

CVE-2007-0968 [CRITICAL] CVE-2007-0968: Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3. Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.

CVE-2007-0963 [HIGH] CVE-2007-0963: Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.

CVE-2007-0966 [HIGH] CVE-2007-0966: Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.

CVE-2007-0965 [HIGH] CVE-2007-0965: Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.

CVE-2007-0967 [HIGH] CVE-2007-0967: Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests.

CVE-2007-0962 [HIGH] CVE-2007-0962: Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.

CVE-2007-0964 [MEDIUM] CVE-2007-0964: Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.

CVE-2006-0515 [HIGH] CVE-2006-0515: Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3 Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspe

CVE-2005-3669 [MEDIUM] CVE-2005-3669: Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation i Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear whic

CVE-2005-1517 [HIGH] CVE-2005-1517: Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FT Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).

CVE-2004-0079 [HIGH] CWE-476 CVE-2004-0079: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVE-2004-0081 [MEDIUM] CVE-2004-0081: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote atta OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVE-2004-0112 [MEDIUM] CWE-125 CVE-2004-0112: The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVE-2003-1002 [MEDIUM] CVE-2003-1002: Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote a Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.