Cisco Pix vulnerabilities

14 known vulnerabilities affecting cisco/pix.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL1HIGH9MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2009-1155HIGHCVSS 7.8v7.1v7.2+2 more2009-04-09

CVE-2009-1155 [HIGH] CWE-287 CVE-2009-1155: Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1( Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecifi

nvd

CVE-2009-1159HIGHCVSS 7.8v7.2v8.0+1 more2009-04-09

CVE-2009-1159 [HIGH] CVE-2009-1159: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security A Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.

nvd

CVE-2009-1158HIGHCVSS 7.8v7.0v7.1+3 more2009-04-09

CVE-2009-1158 [HIGH] CVE-2009-1158: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet.

nvd

CVE-2009-1157HIGHCVSS 7.8v7.0v7.1+3 more2009-04-09

CVE-2009-1157 [HIGH] CVE-2009-1157: Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet.

nvd

CVE-2009-1156MEDIUMCVSS 5.7v8.0v8.12009-04-09

CVE-2009-1156 [MEDIUM] CVE-2009-1156: Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet.

nvd

CVE-2009-1160MEDIUMCVSS 4.3v7.0v7.1+2 more2009-04-09

CVE-2009-1160 [MEDIUM] CWE-264 CVE-2009-1160: Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.

nvd

CVE-2008-3815MEDIUMCVSS 4.3v7.0v7.1+3 more2008-10-23

CVE-2008-3815 [MEDIUM] CWE-287 CVE-2008-3815: Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security A Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unkn

nvd

CVE-2008-2733HIGHCVSS 7.1v7.2v8.0+1 more2008-09-04

CVE-2008-2733 [HIGH] CVE-2008-2733: Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14 Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942.

nvd

CVE-2008-2732HIGHCVSS 7.8v7.2v8.0+1 more2008-09-04

CVE-2008-2732 [HIGH] CVE-2008-2732: Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive S Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57

nvd

CVE-2007-2462CRITICALCVSS 10.0≤ 7.2v7.12007-05-02

CVE-2007-2462 [CRITICAL] CVE-2007-2462: Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, whe Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.

nvd

CVE-2007-2464HIGHCVSS 7.1≤ 7.2v7.12007-05-02

CVE-2007-2464 [HIGH] CVE-2007-2464: Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."

nvd

CVE-2007-2463HIGHCVSS 7.8≤ 7.2v7.12007-05-02

CVE-2007-2463 [HIGH] CVE-2007-2463: Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.

nvd

CVE-2007-2461HIGHCVSS 7.8v7.22007-05-02

CVE-2007-2461 [HIGH] CVE-2007-2461: The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multip

nvd

CVE-2005-3774MEDIUMCVSS 5.0PoCv6.3v7.02005-11-23

CVE-2005-3774 [MEDIUM] CVE-2005-3774: Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) o

nvd