CVE-2017-6610
https://notcve.org/view.php?id=CVE-2017-6610
A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. • http://www.securityfocus.com/bid/97934 http://www.securitytracker.com/id/1038314 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVE-2017-6607
https://notcve.org/view.php?id=CVE-2017-6607
A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Note: Only traffic directed to the affected device can be used to exploit this vulnerability. • http://www.securityfocus.com/bid/97933 http://www.securitytracker.com/id/1038319 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns • CWE-399: Resource Management Errors •
CVE-2017-3793
https://notcve.org/view.php?id=CVE-2017-3793
A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321. • http://www.securityfocus.com/bid/97923 http://www.securitytracker.com/id/1038329 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2017-6609
https://notcve.org/view.php?id=CVE-2017-6609
A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. • http://www.securityfocus.com/bid/97936 http://www.securitytracker.com/id/1038316 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec • CWE-399: Resource Management Errors •
CVE-2017-3867
https://notcve.org/view.php?id=CVE-2017-3867
A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8). Una vulnerabilidad en la implementación de BFD (Border Forwarding Detection) del software Cisco Adaptive Security Appliance (ASA) de Border Gateway Protocol (BGP) podría permitir a un atacante remoto no autenticado omitir la lista de control de acceso (ACL) para tráfico TCP y UDP específico. • http://www.securityfocus.com/bid/96926 http://www.securitytracker.com/id/1038051 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa • CWE-287: Improper Authentication •