Page 7 of 45 results (0.005 seconds)

CVSS: 8.6EPSS: 0%CPEs: 21EXPL: 0

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device. Una vulnerabilidad en la implementación del Security Assertion Markup Language (SAML) versión 2.0 Single Sign-On (SSO) para VPN SSL sin clientes (WebVPN) y AnyConnect Remote Access VPN en Cisco Adaptive Security Appliance (ASA) Programa y Cisco Firepower Threat Defense (FTD) El programa podría permitir a un atacante remoto no autenticado establecer con éxito una sesión VPN en un dispositivo afectado. • http://www.securityfocus.com/bid/108185 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn • CWE-255: Credentials Management Errors •

CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0

A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow a unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. Una vulnerabilidad en el administrador de sesiones VPN de acceso remoto de Cisco Adaptive Security Appliance (ASA) Software podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) en los servicios VPN de acceso remoto. • http://www.securityfocus.com/bid/108151 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-vpn-dos • CWE-404: Improper Resource Shutdown or Release •

CVSS: 8.6EPSS: 0%CPEs: 9EXPL: 0

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. Una vulnerabilidad en el módulo de programa de cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) y Firepower versión 2100 Series que ejecuta Cisco Adaptive Security Appliance (ASA) el programa podría permitir que un atacante remoto no autenticado provoque una recarga inesperada del dispositivo que provoque una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-dos • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-404: Improper Resource Shutdown or Release •

CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses. • http://www.securityfocus.com/bid/108166 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-ike-dos • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •

CVSS: 4.8EPSS: 0%CPEs: 19EXPL: 0

Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities. • http://www.securityfocus.com/bid/108152 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •