CVE-2013-0149
https://notcve.org/view.php?id=CVE-2013-0149
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795. La implementación OSFPF en Cisco IOS v12.0 hasta la v 12.4 y v15.0 hasta v15.3, IOS-XE v2.x hasta la v3.9.xS, ASA y PIX 7.x hasta la v9.1, FWSM, NX-OS, y StarOS anterior a v14.0.50488 no valida correctamente los paquetes Link State Advertisement (LSA) tipo 1 antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción del enrutamiento) u obtener información sensible a través de un paquete (1) unicast o (2) un paquete de multidifusión, también conocido como Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, y CSCug39795. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf http://www.kb.cert.org/vuls/id/229804 •
CVE-2008-0028
https://notcve.org/view.php?id=CVE-2008-0028
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. Hay una vulnerabilidad no especificada en PIX 500 Series Security Appliance y 5500 Series Adaptive Security Appliance (ASA) de Cisco anterior a las versiones 7.2 (3) 6 y 8.0 (3), cuando la función de decremento de Time-to-Live (TTL) está habilitada, permite que los atacantes remotos causen una denegación de servicio (recarga del dispositivo) por medio de un paquete IP creado. • http://secunia.com/advisories/28625 http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml http://www.securityfocus.com/bid/27418 http://www.securitytracker.com/id?1019262 http://www.securitytracker.com/id?1019263 http://www.vupen.com/english/advisories/2008/0259 https://exchange.xforce.ibmcloud.com/vulnerabilities/39862 •
CVE-2007-0961
https://notcve.org/view.php?id=CVE-2007-0961
Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets. Cisco PIX 500 y ASA 5500 Series Security Appliances 6.x versiones anteriores a 6.3(5.115), 7.0 versiones anteriores a 7.0(5.2), y 7.1 versiones anteriores a 7.1(2.5), y el FWSM 3.x versiones anteriores a 3.1(3.24), cuando la opción "inspect sip" está habilitada, permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) mediante paquetes SIP mal-formados. • http://osvdb.org/33054 http://secunia.com/advisories/24160 http://secunia.com/advisories/24179 http://secunia.com/advisories/24180 http://securitytracker.com/id?1017651 http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml http://www.kb.cert.org/vuls/id/430969 http://www.securityfocus.com/bid/22561 http://www.securityfocus.com/bid/22562 http://www.securitytracker.com/ •
CVE-2007-0962
https://notcve.org/view.php?id=CVE-2007-0962
Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic. Cisco PIX 500 y ASA 5500 Series Security Appliances 7.x versiones anteriores a 7.0(4.14), 7.1 versiones anteriores a 7.1(2.1), y el FWSM 2.x versiones anteriores a 2.3(4.12) y 3.x versiones anteriores a 3.1(3.24), cuando "inspect http" está habilitado, permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) mediante tráfico HTTP mal-formado. • http://osvdb.org/33055 http://secunia.com/advisories/24160 http://secunia.com/advisories/24180 http://securitytracker.com/id?1017651 http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml http://www.securityfocus.com/bid/22561 http://www.securityfocus.com/bid/22562 http://www.securitytracker.com/id?1017652 http://www.vupen.com/english/advisories/2007/0608 https://exchange.x •
CVE-2006-4312
https://notcve.org/view.php?id=CVE-2006-4312
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. Cisco PIX 500 Series Security Appliances y ASA 5500 Series Adaptive Security Appliances, cuando ejecutan 7.0(x) hasta 7.0(5) y 7.1(x) hasta 7.1(2.4), y el Firewall Services Module (FWSM) 3.1(x) hasta 3.1(1.6), provoca que la contraseña EXEC, las contraseñas de usuario local, y la contraseña de activación se cambien a un "valor no aleatorio" bajo determinadas circunstancias, lo que provoca un bloqueo a los administradores y podría permitir a los atacantes obtener acceso. • http://secunia.com/advisories/21616 http://securitytracker.com/id?1016738 http://securitytracker.com/id?1016739 http://securitytracker.com/id?1016740 http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml http://www.osvdb.org/28143 http://www.securityfocus.com/bid/19681 http://www.vupen.com/english/advisories/2006/3367 https://exchange.xforce.ibmcloud.com/vulnerabilities/28540 •