CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2010-2815
https://notcve.org/view.php?id=CVE-2010-2815
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259. Vulnerabilidad no especificada en la implementación de Transport Layer Security (TLS) en Cisco Adaptive Security Appliances (ASA) para dispositivos de la serie 5500 con software v7.2 anteriores a v7.2(5), v8.0 anteriores a v8.0(5.15), v8.1 anteriores a v8.1(2.44), v8.2 anteriores a v8.2(2.10), y v8.3 anteriores a v8.3(1.1) y Cisco PIX Security Appliances para dispositivos de la serie 500, permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante secuencias de paquetes TLS manipulados, también conocido como Bug ID CSCtf55259. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml http://www.securityfocus.com/bid/42198 •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2010-2816
https://notcve.org/view.php?id=CVE-2010-2816
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106. Vulnerabilidad no especificada en la característica de inspección SIP en Cisco Adaptive Security Appliances (ASA) para dispositivos serie 5500 con software v8.0 anteriores a v8.0(5.17), v8.1 anteriores a v8.1(2.45), y v8.2 anteriores a v8.2(2.13), permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante paquetes SIP manipulados, también conocido como Bug ID CSCtd32106. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml http://www.securityfocus.com/bid/42189 •
CVSS: 7.8EPSS: 2%CPEs: 13EXPL: 0CVE-2010-0151
https://notcve.org/view.php?id=CVE-2010-0151
The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in for the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message. El Cisco Firewall Services Module (FWSM) v4.0 anterior a v4.0(8), que se utiliza en los switches Cisco Catalyst 6500, routers Cisco 7600 y ASA 5500 Adaptive Security Appliances, permite a atacantes remotos provocar una denegación de servicio (cuelgue) a través de mensajes malformados del Skinny Client Control Protocol (SCCP). • http://osvdb.org/62432 http://secunia.com/advisories/38621 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910e.shtml http://www.securityfocus.com/bid/38274 http://www.securitytracker.com/id?1023609 http://www.vupen.com/english/advisories/2010/0418 https://exchange.xforce.ibmcloud.com/vulnerabilities/56333 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2010-0440 – Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0440
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en +CSCOT+/translation en Cisco Secure Desktop v3.4.2048, y otras versiones anteriores a la v3.5; tal y como lo utiliza el appliance Cisco ASA anteriores a v8.2(1), v8.1(2.7), y v8.0(5); permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de un parámetro POST manipulado, el cual no es correctamente gestionado por una declaración eval en binary/mainv.js que escribe start.html. • https://www.exploit-db.com/exploits/33567 http://secunia.com/advisories/38397 http://tools.cisco.com/security/center/viewAlert.x?alertId=19843 http://www.coresecurity.com/content/cisco-secure-desktop-xss http://www.securityfocus.com/archive/1/509290/100/0/threaded http://www.securityfocus.com/bid/37960 http://www.vupen.com/english/advisories/2010/0273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2009-4455
https://notcve.org/view.php?id=CVE-2009-4455
The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature." La configuración por defecto de Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) v7.0, v7.1, v7.2, v8.0, v8.1, y v8.2 permite que el tráfico del portal acceda a servidores de su elección en el backend, lo que podría permitir a usuarios autenticados remotamente eludir las restricciones de acceso implementadas y acceder a sitios web no autorizados mediante una URL ofuscada con ROT13 y cierto cifrado. NOTA: este comportamiento fue reportado originalmente como una carencia de restricciones en el listado de URLs en el componente de marcadores de Cisco WebVPN, pero el fabricante mantiene que "la característica de marcador no es una característica de seguridad" • http://osvdb.org/61132 http://secunia.com/advisories/37710 http://tools.cisco.com/security/center/viewAlert.x?alertId=19609 http://www.securityfocus.com/archive/1/508530/100/0/threaded http://www.securitytracker.com/id?1023368 http://www.vupen.com/english/advisories/2009/3577 • CWE-264: Permissions, Privileges, and Access Controls •