CVSS: 7.8EPSS: 96%CPEs: 31EXPL: 3CVE-2016-6367 – Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-6367
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. Cisco Adaptive Security Applicance (ASA) Software en versiones anteriores a 8.4(1) en dispositivos ASA 5500, ASA 5500-X, PIX y FWSM permite a usuarios locales obtener privilegios a través de comandos CLI no válidos, también conocido como Bug ID CSCtu74257 o EPICBANANA. A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code. • https://www.exploit-db.com/exploits/40271 http://blogs.cisco.com/security/shadow-brokers http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56516 http://www.securityfocus.com/bid/92520 http://www.securitytracker.com/id/1036636 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40271.zip • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 79EXPL: 0CVE-2014-0710
https://notcve.org/view.php?id=CVE-2014-0710
Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824. Condición de carrera en la funcionalidad "cut-through proxy" en Cisco Firewall Services Module (FWSM) Software 3.x anterior a 3.2(28) y 4.x anterior a 4.1(15) permite a atacantes remotos causar una denegación de servicio (reinicio de dispositivo) a través de cierto tráfico coincidente, también conocido como Bug ID CSCuj16824. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 168EXPL: 0CVE-2013-5508
https://notcve.org/view.php?id=CVE-2013-5508
The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate (TNS) packets, aka Bug ID CSCub98434. El motor de SQL*Net inspection en Cisco Adaptive Security Appliance (ASA) 7.x anteriores a 7.2(5.12), 8.x anteriores a 8.2(5.44), 8.3.x anteriores a 8.3(2.39), 8.4.x anteriores a 8.4(6), 8.5.x anteriores a 8.5(1.18), 8.6.x anteriores a 8.6(1.12), 8.7.x anteriores a 8.7(1.6), 9.0.x anteriores a 9.0(2.10) y 9.1.x anteriores a 9.1(2) y Firewall Services Modue (FWSM) 3.1.x y 3.2.x anteriores a 3.2(27) y 4.x anteriores a 4.1(14) permite a atacantes remotos causar una denegación de servicio (recarga de dispositivo) a través de paquetes segmentados Transparent Network Substrate (TNS) manipulados, tambien conocido como Bug ID CSCub98434. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5508 • CWE-20: Improper Input Validation •
CVSS: 6.6EPSS: 0%CPEs: 72EXPL: 0CVE-2013-5506
https://notcve.org/view.php?id=CVE-2013-5506
The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080. La funcionalidad de autorización en Cisco Firewall Services Module (FWSM) 3.1.x y 3.2.x anterior a 3.2(25) y 4.x anterior a 4.1(13), cuando el modo multiple-context está habilitado, permite a usuarios locales leer o modificar cualquier configuración de contexto a través de comandos no especificados, tambien conocido como Bug ID CSCue46080. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1195
https://notcve.org/view.php?id=CVE-2013-1195
The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. La implementación de ACL basado en el tiempo de Cisco Adaptive Security Appliances (ASA) dispositivos y en el Módulo de Servicios Cisco Firewall (FWSM), no trata correctamente las declaraciones periódicas para el comando por rangos de tiempo, lo que permite a atacantes remotos evitar las restricciones de acceso destinados al enviar tráfico de la red durante los períodos de tiempo negados, también conocido como Bug IDs CSCuf79091 y CSCug45850. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1195 • CWE-264: Permissions, Privileges, and Access Controls •