CVSS: 7.8EPSS: 93%CPEs: 31EXPL: 3CVE-2016-6367 – Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-6367
18 Aug 2016 — Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. Cisco Adaptive Security Applicance (ASA) Software en versiones anteriores a 8.4(1) en dispositivos ASA 5500, ASA 5500-X, PIX y FWSM permite a usuarios locales obtener privilegios a través de comandos CLI no válidos, también conocido como Bug ID CSCtu74257 o EPICBANANA. A vulnerability in the command-... • https://www.exploit-db.com/exploits/40271 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 96%CPEs: 52EXPL: 6CVE-2016-6366 – Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2016-6366
18 Aug 2016 — Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON. Desbordamiento de búfer en Cisco Adaptive Security Applicance (ASA) Software hasta la versión 9.4.2.3 en dispositivos ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, F... • https://packetstorm.news/files/id/180758 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1445
https://notcve.org/view.php?id=CVE-2016-1445
12 Jul 2016 — Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. Cisco Adaptive Security Appliance (ASA) Software 8.2 hasta la versión 9.4.3.3 permite a atacantes remotos eludir el ICMP Echo Reply ACLs previsto a través de vectores relacionados con los subtipos. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160711-asa •
CVSS: 6.8EPSS: 0%CPEs: 68EXPL: 0CVE-2016-1379
https://notcve.org/view.php?id=CVE-2016-1379
28 May 2016 — Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted (1) LAN-to-LAN or (2) Remote Access VPN tunnel packets, aka Bug ID CSCuv70576. Cisco Adaptive Security Appliance (ASA) Software 9.0 hasta la versión 9.5.1 no maneja correctamente error de procesamiento IPsec, lo que permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memo... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 131EXPL: 0CVE-2016-1385
https://notcve.org/view.php?id=CVE-2016-1385
26 May 2016 — The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, aka Bug ID CSCut14209. Vulnerabilidad en el intérprete XML en Cisco Adaptive Security Appliance (ASA) Software hasta la versión 9.5.2 permite a usuarios remotos autenticados provocar una denegación de servici... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1367
https://notcve.org/view.php?id=CVE-2016-1367
21 Apr 2016 — The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID CSCus23248. La implementación de DHCPv6 relay en Cisco Adaptive Security Appliance (ASA) Software 9.4.1 permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de paquetes DHCPv6 manipulados, también conocida como Bug ID CSCus23248. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
04 Apr 2016 — The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 93%CPEs: 199EXPL: 6CVE-2016-1287 – Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-1287
11 Feb 2016 — Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute... • https://packetstorm.news/files/id/137100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2016-1295
https://notcve.org/view.php?id=CVE-2016-1295
16 Jan 2016 — Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775. Cisco Adaptive Security Appliance (ASA) Software 8.4 permite a atacantes remotos obtener información sensible a través de un intento de autenticación AnyConnect, también conocido como Bug ID CSCuo65775. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2015-6423
https://notcve.org/view.php?id=CVE-2015-6423
15 Jan 2016 — The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. La implementación DCERPC Inspection en Cisco Adaptive Security Appliance (ASA) Software 9.4.1 hasta la versión 9.5.1 permite a usuarios remotos autenticados eludir una ACL destinada a DCERPC-only mediante el envío de tráfico de red arbitrario, también conocido como Bug ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa • CWE-264: Permissions, Privileges, and Access Controls •