CVSS: 7.7EPSS: 0%CPEs: 16EXPL: 0CVE-2019-12677 – Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12677
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker would need to have valid user credentials on the affected device to exploit this vulnerability. A successful exploit could allow the attacker to overwrite a special system memory location, which will eventually result in memory allocation errors for new SSL/TLS sessions to the device, preventing successful establishment of these sessions. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos • CWE-172: Encoding Error CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12676 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12676
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. Una vulnerabilidad en la implementación de Open Shortest Path First (OSPF) del Software Cisco Adaptive Security Appliance (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante adyacente no autenticado causar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12673 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-12673
A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. Una vulnerabilidad en el motor de inspección FTP del Software Cisco Adaptive Security (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1945 – Cisco Adaptive Security Appliance Smart Tunnel Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-1945
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. Múltiples vulnerabilidades en la funcionalidad de smart tunnel de Adaptive Security Appliance (ASA) de Cisco, podrían permitir a un atacante local autenticado elevar los privilegios al usuario root o cargar un archivo de biblioteca malicioso mientras el túnel está siendo establecido. Para más información sobre estas vulnerabilidades, consulte la sección de Detalles de este aviso de seguridad. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-multi • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1934 – Cisco Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1934
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. Una vulnerabilidad en la interfaz de administración basada en web del software Adaptive Security Appliance (ASA) de Cisco, podría permitir a un atacante remoto autenticado elevar los privilegios y ejecutar funciones administrativas en un dispositivo afectado. La vulnerabilidad es debido a una comprobación de autorización insuficiente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala • CWE-285: Improper Authorization •