CVE-2012-5010
https://notcve.org/view.php?id=CVE-2012-5010
ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions. ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x antes 9.4.1 Interim, 9.2.x antes 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x antes 8.4.7 Interim, 8.2.x antes 8.2.5 Interim, 9.1.x antes 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x antes 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x antes 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x antes 8.2.5 Interim, 8.4.x antes 8.4.7 Interim, 9.1.x antes 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x antes 9.2.4 Interim, 8.4.x antes 8.4.7 Interim, 9.1.x antes 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x antes 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x antes 9.4.1 Interim, 9.2.x antes 9.2.4 Interim or 9.2.4.SMP, 9.1.x antes 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x antes 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x antes 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x antes 8.2.5 Interim, 8.4.x antes 8.4.7 Interim, 9.1.x antes 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x antes 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x antes 9.2.4 Interim or 9.2.4.SMP, 9.4.x antes 9.4.1 Interim, 9.1.x antes 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x antes 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x antes 9.2.4 Interim, 9.4.x antes 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x antes 9.4.1 Interim, 9.2.x antes 9.2.4 Interim or 9.2.4.SMP, 9.1.x antes 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x antes 9.4.1 Interim, 9.2.x antes 9.2.4 Interim or 9.2.4.SMP. 9.1.x antes 9.1.6 ASA no comprueba el origen de la solicitud ARP o los paquetes GARP para las direcciones que realiza la traducción NAT bajo condiciones no especificadas. • http://www.securityfocus.com/bid/99332 https://icisystem.blogspot.com/2016/01/cisco-notification-alert-asa-5500.html • CWE-254: 7PK - Security Features •
CVE-2017-3867
https://notcve.org/view.php?id=CVE-2017-3867
A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8). Una vulnerabilidad en la implementación de BFD (Border Forwarding Detection) del software Cisco Adaptive Security Appliance (ASA) de Border Gateway Protocol (BGP) podría permitir a un atacante remoto no autenticado omitir la lista de control de acceso (ACL) para tráfico TCP y UDP específico. • http://www.securityfocus.com/bid/96926 http://www.securitytracker.com/id/1038051 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa • CWE-287: Improper Authentication •
CVE-2017-3807 – Cisco ASA - WebVPN CIFS Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-3807
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. • https://www.exploit-db.com/exploits/41369 http://www.securityfocus.com/bid/96161 http://www.securitytracker.com/id/1037797 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-0760
https://notcve.org/view.php?id=CVE-2015-0760
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. La implementación IKEv1 en Cisco ASA Software 7.x, 8.0.x, 8.1.x, y 8.2.x anterior a 8.2.2.13 permite a usuarios remotos autenticados evadir la autenticación XAUTH a través de paquetes IKEv1 manipulados, también conocido como Bug ID CSCus47259. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39157 http://www.securitytracker.com/id/1032473 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-0676
https://notcve.org/view.php?id=CVE-2015-0676
The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655. La implementación DNS en Software Cisco Adaptive Security Appliance (ASA) 7.2 anterior a 7.2(5.16), 8.2 anterior a 8.2(5.57), 8.3 anterior a 8.3(2.44), 8.4 anterior a 8.4(7.28), 8.5 anterior a 8.5(1.24), 8.6 anterior a 8.6(1.17), 8.7 anterior a 8.7(1.16), 9.0 anterior a 9.0(4.33), 9.1 anterior a 9.1(6.1), 9.2 anterior a 9.2(3.4), y 9.3 anterior a 9.3(3) permite a atacantes man-in-the-middle causar una denegación de servicio (corrupción de memoria o interrupción de dispositivo) mediante la provocación de consultas DNS salientes y posteriormente el envío de respuestas manipuladas a estas consultas, también conocido como Bug ID CSCuq77655. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa http://www.securitytracker.com/id/1032045 • CWE-20: Improper Input Validation •