Page 9 of 51 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0

Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506. Vulnerabilidad no especificada en la implementación de Transport Layer Security (TLS) en Cisco Adaptive Security Appliances (ASA) para dispositivos de la serie 5500 con software v7.2 anteriores a v7.2(5), v8.0 anteriores a v8.0(5.15), v8.1 anteriores a v8.1(2.44), v8.2 anteriores a v8.2(2.17), y v8.3 anteriores a v8.3(1.6) y Cisco PIX Security Appliances para dispositivos de la serie 500, permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante secuencias de paquetes TLS manipulados, también conocido como Bug ID CSCtf37506. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml http://www.securityfocus.com/bid/42196 •

CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567. Vulnerabilidad no especificada en la característica de inspección SunRPC en dispositivos Cisco Adaptive Security Appliances (ASA) serie 5500 con software v7.2 anteriores a v7.2(5), v8.0 anteriores a v8.0(5.19), v8.1 anteriores a v8.1(2.47), y v8.2 anteriores a v8.2(2) y Cisco PIX Security Appliances 500, permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante un mensajes SunRPC UDP manipulados, también conocido como Bug ID CSCtc77567. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature." La configuración por defecto de Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) v7.0, v7.1, v7.2, v8.0, v8.1, y v8.2 permite que el tráfico del portal acceda a servidores de su elección en el backend, lo que podría permitir a usuarios autenticados remotamente eludir las restricciones de acceso implementadas y acceder a sitios web no autorizados mediante una URL ofuscada con ROT13 y cierto cifrado. NOTA: este comportamiento fue reportado originalmente como una carencia de restricciones en el listado de URLs en el componente de marcadores de Cisco WebVPN, pero el fabricante mantiene que "la característica de marcador no es una característica de seguridad" • http://osvdb.org/61132 http://secunia.com/advisories/37710 http://tools.cisco.com/security/center/viewAlert.x?alertId=19609 http://www.securityfocus.com/archive/1/508530/100/0/threaded http://www.securitytracker.com/id?1023368 http://www.vupen.com/english/advisories/2009/3577 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. Cisco Adaptive Security Appliances (ASA) 5500 Series y PIX Security Appliances v7.1(1) hasta v7.1(2)82, v7.2 anteriores a v7.2(4)27, v8.0 anteriores a v8.0(4)25, y v8.1 anteriores a v8.1(2)15, cuando introducimos en un campo de atributo general AAA, permite a atacantes remotos saltarse la autenticación y establecer una sesión VPN a un dispositivo ASO mediante vectores no especificados. • http://osvdb.org/53441 http://secunia.com/advisories/34607 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml http://www.securityfocus.com/bid/34429 http://www.securitytracker.com/id?1022016 http://www.vupen.com/english/advisories/2009/0981 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets. Vulnerabilidad no específica en Cisco Adaptive Security Appliances (ASA) 5500 Series y PIX Security Appliances v7.2 anteriores a v7.2(4)26, v8.0 anteriores a v8.0(4)22, y v8.1 anteriores a v8.1(2)12, cuando la inspección SQL*Net está activada, permite a los atacantes remotos provocar una denegación de servicio (rastreo y recarga del dispositivo) a través de series de paquetes SQL*Net. • http://osvdb.org/53446 http://secunia.com/advisories/34607 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml http://www.securityfocus.com/bid/34429 http://www.securitytracker.com/id?1022015 http://www.vupen.com/english/advisories/2009/0981 •