CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2010-4678
https://notcve.org/view.php?id=CVE-2010-4678
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. Dispositivos Cisco Adaptive Security Appliances (ASA) series 5500 con software anterior a v8.2(3) permite a los paquetes pasar antes de que la configuración se haya cargado, lo que podría permitir a atacantes remotos evitar las restricciones de acceso previstas, mediante el envío de tráfico por la red durante el inicio del dispositivo, también conocido como Bug ID CSCsy86769 • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64604 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2010-4679
https://notcve.org/view.php?id=CVE-2010-4679
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. Los dispositivos Cisco Adaptive Security Appliances (ASA) 5500 series con software anterior a 8.2(3) no manejan apropiadamente los fallos de conexión de OCSP ("Online Certificate Status Protocol"), lo que permite a los emisarios de respuestas OCSP provocar una denegación de servicio (consumo de todos los sockets TCP) rechazando intentos de conexión. También conocido como Bug ID CSCsz36816. • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64605 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2010-0440 – Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0440
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en +CSCOT+/translation en Cisco Secure Desktop v3.4.2048, y otras versiones anteriores a la v3.5; tal y como lo utiliza el appliance Cisco ASA anteriores a v8.2(1), v8.1(2.7), y v8.0(5); permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de un parámetro POST manipulado, el cual no es correctamente gestionado por una declaración eval en binary/mainv.js que escribe start.html. • https://www.exploit-db.com/exploits/33567 http://secunia.com/advisories/38397 http://tools.cisco.com/security/center/viewAlert.x?alertId=19843 http://www.coresecurity.com/content/cisco-secure-desktop-xss http://www.securityfocus.com/archive/1/509290/100/0/threaded http://www.securityfocus.com/bid/37960 http://www.vupen.com/english/advisories/2010/0273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •