CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2019-1693 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1693
03 May 2019 — A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit coul... • http://www.securityfocus.com/bid/108157 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2019-1687 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1687
03 May 2019 — A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted T... • http://www.securityfocus.com/bid/108176 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15462 – Cisco Firepower Threat Defense Software TCP Ingress Handler Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15462
03 May 2019 — A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to por... • http://www.securityfocus.com/bid/108178 • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 0%CPEs: 17EXPL: 0CVE-2018-15388 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15388
03 May 2019 — A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1691 – Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1691
21 Feb 2019 — A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition. The vulnerability is due to the incomplete error handling of the SSL or TLS packet header during the connection establishment. An attacker could exploit this vulnerability by sending a crafted SSL or TLS packet during the connection handshake. An exploit could allow t... • http://www.securityfocus.com/bid/107099 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.6EPSS: 3%CPEs: 9EXPL: 0CVE-2018-15454 – Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15454
01 Nov 2018 — A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at ... • http://www.securityfocus.com/bid/105768 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2018-0453 – Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-0453
05 Oct 2018 — A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center (FMC), or through Cisco FMC on other Firepower sensors and devices that are controlled by the same Cisco FMC. To send the commands, the attacker must have root privileges for at least one affected sensor or the Cisc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-cmd-injection • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 15EXPL: 0CVE-2018-15383 – Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15383
05 Oct 2018 — A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An a... • http://www.securitytracker.com/id/1041787 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15390 – Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15390
05 Oct 2018 — A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an F... • http://www.securityfocus.com/bid/105519 • CWE-399: Resource Management Errors CWE-667: Improper Locking •
CVSS: 7.5EPSS: 94%CPEs: 14EXPL: 11CVE-2018-0296 – Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-0296
07 Jun 2018 — A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An... • https://packetstorm.news/files/id/181032 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •