CVE-2013-5510
https://notcve.org/view.php?id=CVE-2013-5510
The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401. La implementación de acceso remoto VPN en Cisco Adaptive Security Appliance (ASA) Software 7.x anteriores a 7.2(5.12), 8.x anteriores a 8.2(5.46), 8.3.x anteriores a 8.3(2.39), 8.4.x anteriores a 8.4(6), 8.6.x anteriores a 8.6(1.12), 9.0.x anteriores a 9.0(3.1), y 9.1.x anteriores a 9.1(2.5), cuando una opción de "override-account-disable" se activa, no analiza correctamente respuestas AAA LDAP, lo cual permite a atacantes remotos sortear la autenticación a través de un intento de conexión VPN, también conocido como Bug ID CSCug83401. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5510 • CWE-287: Improper Authentication •
CVE-2013-5512
https://notcve.org/view.php?id=CVE-2013-5512
Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-server option or ActiveX or Java response inspection, allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, aka Bug ID CSCud37992. Condición de carrera en la función HTTP Deep Packet Inspection (DPI) en Cisco Adaptive Security Appliance (ASA) Software 8.2.x anterior a 8.2(5.46), 8.3.x anterior a 8.3(2.39), 8.4.x anterior a 8.4(5.5), 8.5.x anterior a 8.5(1.18), 8.6.x anterior a 8.6(1.12), 8.7.x anterior a 8.7(1.4), 9.0.x anterior a 9.0(1.4), y 9.1.x anterior a 9.1(1.2), que en ciertas condiciones que implican la opción spoof-server o ActiveX o inspección de respuesta de Java, permite a atacantes remotos provocar una denegación de servicio (recarga dispositivo) a través de una respuesta HTTP manipulada, también conocido como Bug ID CSCud37992. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5512 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-5508
https://notcve.org/view.php?id=CVE-2013-5508
The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate (TNS) packets, aka Bug ID CSCub98434. El motor de SQL*Net inspection en Cisco Adaptive Security Appliance (ASA) 7.x anteriores a 7.2(5.12), 8.x anteriores a 8.2(5.44), 8.3.x anteriores a 8.3(2.39), 8.4.x anteriores a 8.4(6), 8.5.x anteriores a 8.5(1.18), 8.6.x anteriores a 8.6(1.12), 8.7.x anteriores a 8.7(1.6), 9.0.x anteriores a 9.0(2.10) y 9.1.x anteriores a 9.1(2) y Firewall Services Modue (FWSM) 3.1.x y 3.2.x anteriores a 3.2(27) y 4.x anteriores a 4.1(14) permite a atacantes remotos causar una denegación de servicio (recarga de dispositivo) a través de paquetes segmentados Transparent Network Substrate (TNS) manipulados, tambien conocido como Bug ID CSCub98434. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5508 • CWE-20: Improper Input Validation •
CVE-2013-5507
https://notcve.org/view.php?id=CVE-2013-5507
The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during decryption, aka Bug ID CSCue18975. La implementacion IPSec en Cisco Adaptive Security Appliance (ASA) 9.1 anteriores a 9.2(1.7), cuando un tunel IPSec VPN está habilitado, permite a atacantes remotos causar una denegación de servicio (recarga de dispositivo) a través de un paquete (1) ICMP o (2) ICMPv6 que es manejado incorrectamente durante el descifrado, tambien conocido como Bug ID CSCue18975. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5507 • CWE-310: Cryptographic Issues •
CVE-2013-3415
https://notcve.org/view.php?id=CVE-2013-3415
Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737. Cisco Adaptive Security Appliance (ASA) Software 8.4.x anteriores a 8.4(3) y 8.6.x aanteriores 8.6(1.3) no maneja apropiadamente la memorua hasta la desconexión de un cliente VPN AnyConnect SSL, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria, y corte de redirección o cuelgue de sistema) a través de paquetes a la dirección IP de la máquina desconectada, tambien conocido como Bug ID CSCtt36737. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3415 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •