Page 7 of 143 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 206EXPL: 0

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca http://www.securityfocus.com/bid/93786 http://www.securitytracker.com/id/1037060 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 96%CPEs: 31EXPL: 3

Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. Cisco Adaptive Security Applicance (ASA) Software en versiones anteriores a 8.4(1) en dispositivos ASA 5500, ASA 5500-X, PIX y FWSM permite a usuarios locales obtener privilegios a través de comandos CLI no válidos, también conocido como Bug ID CSCtu74257 o EPICBANANA. A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code. • https://www.exploit-db.com/exploits/40271 http://blogs.cisco.com/security/shadow-brokers http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516 http://www.securityfocus.com/bid/92520 http://www.securitytracker.com/id/1036636 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 96%CPEs: 52EXPL: 5

Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON. Desbordamiento de búfer en Cisco Adaptive Security Applicance (ASA) Software hasta la versión 9.4.2.3 en dispositivos ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX y FWSM permite a usuarios remotos autenticados ejecutar código arbitrario a través de paquetes IPv4 SNMP manipulados, también conocido como Bug ID CSCva92151 o EXTRABACON. A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code. • https://www.exploit-db.com/exploits/40258 https://github.com/RiskSense-Ops/CVE-2016-6366 http://blogs.cisco.com/security/shadow-brokers http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516 http://www.securityfocus.com/bid/92521 http://www.securitytracker.com/id/1036637 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40258.zip https://zerosum0x0 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. Cisco Adaptive Security Appliance (ASA) Software 8.2 hasta la versión 9.4.3.3 permite a atacantes remotos eludir el ICMP Echo Reply ACLs previsto a través de vectores relacionados con los subtipos. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160711-asa http://www.securityfocus.com/bid/91693 http://www.securitytracker.com/id/1036271 •

CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •