Page 7 of 64 results (0.010 seconds)

CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device. Una vulnerabilidad en el subsistema de autorización de Cisco Adaptive Security Appliance (ASA) Software podría permitir que un atacante remoto autenticado, pero sin privilegios (niveles 0 y 1), realice acciones privilegiadas mediante el uso de la interfaz de gestión web. • http://www.securityfocus.com/bid/106256 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc https://www.tenable.com/security/research/tra-2018-46 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVSS: 8.6EPSS: 1%CPEs: 9EXPL: 0

A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available. Una vulnerabilidad en el motor de inspección SIP (Session Initiation Protocol) de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podría permitir que un atacante remoto no autenticado provoque que un dispositivo afectado se recargue o el alto uso de recursos de la CPU, lo que resulta en una denegación de servicio (DoS). • http://www.securityfocus.com/bid/105768 http://www.securitytracker.com/id/1042129 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0

A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition. Una vulnerabilidad en el controlador del acelerador de hardware criptográfico de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podría permitir que un atacante remoto no autenticado provoque que un dispositivo afectado se recargue, lo que resulta en una denegación de servicio (DoS) temporal. • http://www.securitytracker.com/id/1041787 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0

A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition. Una vulnerabilidad en la implementación de Traffic Flow Confidentiality (TFC) en la funcionalidad IPsec en Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podría permitir que un atacante remoto no autenticado provoque que un dispositivo afectado se reinicie inesperadamente, lo que resulta en una denegación de servicio (DoS). • http://www.securitytracker.com/id/1041786 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-ipsec-dos • CWE-320: Key Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to errors that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit this vulnerability by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to access resources that are behind the affected device and would typically be protected by the interface ACL. Una vulnerabilidad en la característica per-user-override de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podría permitir que un atacante remoto no autenticado omita una lista de control de acceso (ACL) que está configurada para una interfaz de un dispositivo afectado. • http://www.securityfocus.com/bid/105517 http://www.securitytracker.com/id/1041788 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-acl-bypass • CWE-284: Improper Access Control •