Page 16 of 130 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 85EXPL: 0

The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401. La implementación de acceso remoto VPN en Cisco Adaptive Security Appliance (ASA) Software 7.x anteriores a 7.2(5.12), 8.x anteriores a 8.2(5.46), 8.3.x anteriores a 8.3(2.39), 8.4.x anteriores a 8.4(6), 8.6.x anteriores a 8.6(1.12), 9.0.x anteriores a 9.0(3.1), y 9.1.x anteriores a 9.1(2.5), cuando una opción de "override-account-disable" se activa, no analiza correctamente respuestas AAA LDAP, lo cual permite a atacantes remotos sortear la autenticación a través de un intento de conexión VPN, también conocido como Bug ID CSCug83401. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5510 • CWE-287: Improper Authentication •

CVSS: 7.1EPSS: 0%CPEs: 168EXPL: 0

The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate (TNS) packets, aka Bug ID CSCub98434. El motor de SQL*Net inspection en Cisco Adaptive Security Appliance (ASA) 7.x anteriores a 7.2(5.12), 8.x anteriores a 8.2(5.44), 8.3.x anteriores a 8.3(2.39), 8.4.x anteriores a 8.4(6), 8.5.x anteriores a 8.5(1.18), 8.6.x anteriores a 8.6(1.12), 8.7.x anteriores a 8.7(1.6), 9.0.x anteriores a 9.0(2.10) y 9.1.x anteriores a 9.1(2) y Firewall Services Modue (FWSM) 3.1.x y 3.2.x anteriores a 3.2(27) y 4.x anteriores a 4.1(14) permite a atacantes remotos causar una denegación de servicio (recarga de dispositivo) a través de paquetes segmentados Transparent Network Substrate (TNS) manipulados, tambien conocido como Bug ID CSCub98434. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5508 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 151EXPL: 0

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attackers to cause a denial of service (device reload) via a crafted IKEv1 message, aka Bug IDs CSCub85692 and CSCud20267. Cisco Adaptive Security Appliances (ASA) los dispositivos con v7.x de software antes de v7.2(5.10) v8.0, antes de v8.0(5.28), v8.1 y v8.2 antes de v8.2(5.35), v8.3 antes de v8.3(2.34), v8.4 antes de v8.4(4.11), v8.6 antes de v8.6(1.10), y v8.7 antes de v8.7(1.3), y Cisco Firewall Services Module (FWSM) software v3.1 y v3.2 antes de v3.2(24.1) y v4.0 y v401 antes de v4.1(11.1), permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de un elaborado IKEv1 mensaje, también conocido como Bug ID CSCub85692 y CSCud20267. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm •

CVSS: 7.1EPSS: 0%CPEs: 83EXPL: 0

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3) allow remote attackers to cause a denial of service (device reload) via a crafted certificate, aka Bug ID CSCuc72408. Cisco Adaptive Security Appliances (ASA) los dispositivos con software v7.x antes de v7.2(5.10), v8.0, antes de v8.0(5.31), v8.1 y v8.2 antes de v8.2(5.38), 8.3 antes de v8.3(2.37), v8.4 antes de v8.4(5), v8.5 antes de v8.5(1.17), v8.6 antes de v8.6(1.10), y v8.7 antes de v8.7(1.3) permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) a través de un certificado hecho a mano, también conocido como Bug ID CSCuc72408. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 107EXPL: 0

The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590. La implementación de autenticación de proxy de Cisco Adaptive Security Appliances (ASA) los dispositivos con v7.x antes de 7.2(5.10), v8.0 antes de 8.0(5.31), v8.1 y 8.2 antes de v8.2(5.38), v8.3 antes de v8.3(2.37), v8.4 antes de v8.4(5.3), v8.5 y v8.6 antes de v8.6(1.10), v8.7 antes de v8.7(1.4), v9.0 antes de 9.0(1.1), y v9.1 antes de 9.1(1.2) permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) a través de un URL elaborado, CSCud16590 también conocido como Bug ID. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1150 • CWE-287: Improper Authentication •