CVE-2010-4678
https://notcve.org/view.php?id=CVE-2010-4678
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. Dispositivos Cisco Adaptive Security Appliances (ASA) series 5500 con software anterior a v8.2(3) permite a los paquetes pasar antes de que la configuración se haya cargado, lo que podría permitir a atacantes remotos evitar las restricciones de acceso previstas, mediante el envío de tráfico por la red durante el inicio del dispositivo, también conocido como Bug ID CSCsy86769 • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64604 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-4679
https://notcve.org/view.php?id=CVE-2010-4679
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. Los dispositivos Cisco Adaptive Security Appliances (ASA) 5500 series con software anterior a 8.2(3) no manejan apropiadamente los fallos de conexión de OCSP ("Online Certificate Status Protocol"), lo que permite a los emisarios de respuestas OCSP provocar una denegación de servicio (consumo de todos los sockets TCP) rechazando intentos de conexión. También conocido como Bug ID CSCsz36816. • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64605 • CWE-20: Improper Input Validation •
CVE-2008-0028
https://notcve.org/view.php?id=CVE-2008-0028
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. Hay una vulnerabilidad no especificada en PIX 500 Series Security Appliance y 5500 Series Adaptive Security Appliance (ASA) de Cisco anterior a las versiones 7.2 (3) 6 y 8.0 (3), cuando la función de decremento de Time-to-Live (TTL) está habilitada, permite que los atacantes remotos causen una denegación de servicio (recarga del dispositivo) por medio de un paquete IP creado. • http://secunia.com/advisories/28625 http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml http://www.securityfocus.com/bid/27418 http://www.securitytracker.com/id?1019262 http://www.securitytracker.com/id?1019263 http://www.vupen.com/english/advisories/2008/0259 https://exchange.xforce.ibmcloud.com/vulnerabilities/39862 •
CVE-2007-2463
https://notcve.org/view.php?id=CVE-2007-2463
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry. Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) y PIX 7.1 anterior a 7.1(2)49 y 7.2 anterior a 7.2(2)17 permite a atacantes remotos provocar denegación de servicio (recarga de dispositivo) a través de vectores desconocidos relacionados con el fin de la conexión VPN y el vencimiento de la contraseña. • http://secunia.com/advisories/25109 http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml http://www.osvdb.org/35332 http://www.securityfocus.com/bid/23768 http://www.vupen.com/english/advisories/2007/1636 https://exchange.xforce.ibmcloud.com/vulnerabilities/34021 •
CVE-2007-2464
https://notcve.org/view.php?id=CVE-2007-2464
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." Condición de carrera en el Cisco Adaptive Security Appliance (ASA) y en el PIX 7.1 anterior al 7.1(2)49 y el 7.2 anterior al 7.2(2)19, cuando se utiliza "VPNs SSL sin cliente", permite a atacantes remotos provocar una denegación de servicio (recargar el dispositivo) a través de "sesiones SSL no estándar". • http://secunia.com/advisories/25109 http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml http://www.kb.cert.org/vuls/id/337508 http://www.osvdb.org/35333 http://www.securityfocus.com/bid/23768 http://www.vupen.com/english/advisories/2007/1636 https://exchange.xforce.ibmcloud.com/vulnerabilities/34023 •