Page 14 of 85 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device. Una vulnerabilidad en la funcionalidad WebVPN del Software Cisco Adaptive Security Appliance (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante remoto no autenticado causar una mayor utilización de la CPU en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-dos • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0

A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Una vulnerabilidad en el portal Clientless SSL VPN (WebVPN) de Cisco Adaptive Security Appliance (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante remoto no autenticado realizar un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Una vulnerabilidad en la interfaz de línea de comando (CLI) del Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante local autenticado con privilegios administrativos ejecutar comandos sobre el sistema operativo subyacente con privilegios de root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-cmdinj • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 19EXPL: 0

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash. Una vulnerabilidad en el módulo de inspección del Session Initiation Protocol (SIP) del Software Cisco Adaptive Security Appliance (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device. Una vulnerabilidad en la implementación de Open Shortest Path First (OSPF) del Software Cisco Adaptive Security Appliance (ASA) y el Software Cisco Firepower Threat Defense (FTD), podría permitir a un atacante adyacente no autenticado causar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos • CWE-20: Improper Input Validation •