CVSS: 7.8EPSS: 2%CPEs: 60EXPL: 3CVE-2010-4670
https://notcve.org/view.php?id=CVE-2010-4670
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. La implantación del protocolo "Neighbor Discovery" (ND) en la pila IPv6 de los dispositivos Cisco Adaptive Security Appliances (ASA) 5500 series con software 8.2(3) y versiones anteriores, y dispositivos Cisco PIX Security Appliances, permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU y cuelgue del dispositivo) enviando múltiples mensajes de "Router Advertisement" (anuncio de ruta) con direcciones de fuente distintas, como se ha demostrado con el programa flood_router6 del paquete thc-ipv6. También conocido como Bug ID CSCti24526 • http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3 http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45760 http://www.securitytracker.com/id?1024963 http://www.youtube.com/watch?v=00yjWB6gGy8 https://exchange.xforce.ibmcloud.com/vu • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2010-4673
https://notcve.org/view.php?id=CVE-2010-4673
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. Dispositivos Cisco Adaptive Security Appliances (ASA) series 5500, con software v8.2(4) y anteriores permite a atacantes remotos causar una denegación de servicio a través de una inundación de paquetes, también conocido como ID de error CSCtg06316. • http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45766 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64599 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2010-4678
https://notcve.org/view.php?id=CVE-2010-4678
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. Dispositivos Cisco Adaptive Security Appliances (ASA) series 5500 con software anterior a v8.2(3) permite a los paquetes pasar antes de que la configuración se haya cargado, lo que podría permitir a atacantes remotos evitar las restricciones de acceso previstas, mediante el envío de tráfico por la red durante el inicio del dispositivo, también conocido como Bug ID CSCsy86769 • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64604 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2010-4679
https://notcve.org/view.php?id=CVE-2010-4679
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. Los dispositivos Cisco Adaptive Security Appliances (ASA) 5500 series con software anterior a 8.2(3) no manejan apropiadamente los fallos de conexión de OCSP ("Online Certificate Status Protocol"), lo que permite a los emisarios de respuestas OCSP provocar una denegación de servicio (consumo de todos los sockets TCP) rechazando intentos de conexión. También conocido como Bug ID CSCsz36816. • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64605 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 58EXPL: 0CVE-2010-4675
https://notcve.org/view.php?id=CVE-2010-4675
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. Los dispositivos Cisco Adaptive Security Appliances (ASA) 5500 series con software anterior a 8.2(3) no determinan apropiadamente los interfaces para los que las conexiones TELNET están permitidas, lo que permite a usuarios autenticados remotos evitar las restricciones de acceso previstas a través de vectores que involucran el interfaz de nivel de seguridad más bajo ("lowest security level interface"). También conocido como Bug ID CSCsv40504. • http://secunia.com/advisories/42931 http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf http://www.securityfocus.com/bid/45767 http://www.securitytracker.com/id?1024963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64601 • CWE-264: Permissions, Privileges, and Access Controls •