CVE-2010-2816
https://notcve.org/view.php?id=CVE-2010-2816
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106. Vulnerabilidad no especificada en la característica de inspección SIP en Cisco Adaptive Security Appliances (ASA) para dispositivos serie 5500 con software v8.0 anteriores a v8.0(5.17), v8.1 anteriores a v8.1(2.45), y v8.2 anteriores a v8.2(2.13), permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante paquetes SIP manipulados, también conocido como Bug ID CSCtd32106. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml http://www.securityfocus.com/bid/42189 •
CVE-2009-1201 – Cisco ASA Appliance 8.x - WebVPN DOM Wrapper Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1201
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694. Vulnerabilidad de inyección "Eval" en la función csco_wrap_js en /+CSCOL+/cte.js en WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1, permite a atacantes remotos eludir un envoltorio (wrapper) DOM y realizar ataques de secuencias de comandos en sitios cruzados (XSS) configurando el valor CSCO_WebVPN['process'] con el nombre de la función modificada, alias Bug ID CSCsy80694. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • https://www.exploit-db.com/exploits/33055 http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35476 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-1202 – Cisco ASA Web VPN Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1202
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 permite a atacantes remotos eludir ciertos mecanismos de protección que impliquen la reescritura de URL y HTML y realizar ataques de secuencias de comandos en sitios cruzados (XSS) modificando el primer carácter codificado hexadecimal en una URI /+CSCO+, alias Bug ID CSCsy80705. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35480 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-1203 – Cisco Adaptive Security Appliance 8.x - Web VPN FTP or CIFS Authentication Form Phishing
https://notcve.org/view.php?id=CVE-2009-1203
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 no distingue de manera apropiada su propia pantalla de login de las pantallas de login que produce para servidores (1) FTP and (2) CIFS de terceros, lo que facilita a atacantes remotos engañar a un usuario enviándole credenciales WebVPN para un servidor de su elección mediante una URL asociada con este servidor, alias Bug ID CSCsy80709. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • https://www.exploit-db.com/exploits/33054 http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35475 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 •
CVE-2008-0028
https://notcve.org/view.php?id=CVE-2008-0028
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. Hay una vulnerabilidad no especificada en PIX 500 Series Security Appliance y 5500 Series Adaptive Security Appliance (ASA) de Cisco anterior a las versiones 7.2 (3) 6 y 8.0 (3), cuando la función de decremento de Time-to-Live (TTL) está habilitada, permite que los atacantes remotos causen una denegación de servicio (recarga del dispositivo) por medio de un paquete IP creado. • http://secunia.com/advisories/28625 http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml http://www.securityfocus.com/bid/27418 http://www.securitytracker.com/id?1019262 http://www.securitytracker.com/id?1019263 http://www.vupen.com/english/advisories/2008/0259 https://exchange.xforce.ibmcloud.com/vulnerabilities/39862 •