NotCVE - vendor:"Cisco" product:"Cisco Adaptive Security Appliance (ASA) Software" version:"9.12.4.65"

Page 2 of 13 results (0.006 seconds)

CVSS: 5.8EPSS: 0%CPEs: 259EXPL: 0

CVE-2024-20297 – Cisco Adaptive Security Appliance and Firepower Threat Defense AnyConnect Access Control List Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2024-20297

23 Oct 2024 — A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. This vulnerability is due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit this vulnerab... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-acl-bypass-VvnLNKqf •

CVSS: 8.6EPSS: 0%CPEs: 284EXPL: 0

CVE-2024-20260 – Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability

https://notcve.org/view.php?id=CVE-2024-20260

23 Oct 2024 — A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease all together. This vulnerability is due to a lack of proper memory management for new incoming SSL... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdvirtual-dos-MuenGnYR •

CVSS: 5.0EPSS: 0%CPEs: 227EXPL: 0

CVE-2024-20355

https://notcve.org/view.php?id=CVE-2024-20355

22 May 2024 — A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affected device. This vulnerability is due to improper separation of authorization domains when using SAML authentication. An attacker could exploit this vulnerability by using valid credentials to successfully authe... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-bypass-KkNvXyKW • CWE-862: Missing Authorization •

1 2