CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2011-2054 – Cisco ASA Secondary Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2011-2054
19 Feb 2020 — A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. Una vulnerabilidad en el Cisco ASA ... • https://quickview.cloudapps.cisco.com/quickview/bug/CSCtq58884 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 211EXPL: 0CVE-2019-1649 – Cisco Secure Boot Hardware Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-1649
13 May 2019 — A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot har... • http://www.securityfocus.com/bid/108350 • CWE-284: Improper Access Control CWE-667: Improper Locking •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-1312
https://notcve.org/view.php?id=CVE-2016-1312
09 Mar 2016 — The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. El motor de inspección HTTPS en Content Security y Control Security Services Module (CSC-SSM) 6.6 en versiones anteriores a 6.6.1164.0 para dispositivos Cisco ASA 5500 permite a atacantes remotos provocar una denegación ... • http://www.securityfocus.com/bid/84281 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •