14 results (0.015 seconds)

CVSS: 7.1EPSS: 1%CPEs: 6EXPL: 0

Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. Hay una vulnerabilidad no especificada en PIX 500 Series Security Appliance y 5500 Series Adaptive Security Appliance (ASA) de Cisco anterior a las versiones 7.2 (3) 6 y 8.0 (3), cuando la función de decremento de Time-to-Live (TTL) está habilitada, permite que los atacantes remotos causen una denegación de servicio (recarga del dispositivo) por medio de un paquete IP creado. • http://secunia.com/advisories/28625 http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml http://www.securityfocus.com/bid/27418 http://www.securitytracker.com/id?1019262 http://www.securitytracker.com/id?1019263 http://www.vupen.com/english/advisories/2008/0259 https://exchange.xforce.ibmcloud.com/vulnerabilities/39862 •

CVSS: 7.8EPSS: 7%CPEs: 8EXPL: 0

Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets. Cisco PIX 500 y ASA 5500 Series Security Appliances 6.x versiones anteriores a 6.3(5.115), 7.0 versiones anteriores a 7.0(5.2), y 7.1 versiones anteriores a 7.1(2.5), y el FWSM 3.x versiones anteriores a 3.1(3.24), cuando la opción "inspect sip" está habilitada, permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) mediante paquetes SIP mal-formados. • http://osvdb.org/33054 http://secunia.com/advisories/24160 http://secunia.com/advisories/24179 http://secunia.com/advisories/24180 http://securitytracker.com/id?1017651 http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml http://www.kb.cert.org/vuls/id/430969 http://www.securityfocus.com/bid/22561 http://www.securityfocus.com/bid/22562 http://www.securitytracker.com/ •

CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0

Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. Cisco PIX 500 Series Security Appliances y ASA 5500 Series Adaptive Security Appliances, cuando ejecutan 7.0(x) hasta 7.0(5) y 7.1(x) hasta 7.1(2.4), y el Firewall Services Module (FWSM) 3.1(x) hasta 3.1(1.6), provoca que la contraseña EXEC, las contraseñas de usuario local, y la contraseña de activación se cambien a un "valor no aleatorio" bajo determinadas circunstancias, lo que provoca un bloqueo a los administradores y podría permitir a los atacantes obtener acceso. • http://secunia.com/advisories/21616 http://securitytracker.com/id?1016738 http://securitytracker.com/id?1016739 http://securitytracker.com/id?1016740 http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml http://www.osvdb.org/28143 http://www.securityfocus.com/bid/19681 http://www.vupen.com/english/advisories/2006/3367 https://exchange.xforce.ibmcloud.com/vulnerabilities/28540 •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue ** IMPUGNADA ** Vulnerabilidad no especificada en Cisco PIX 500 Series Security Appliances permite a atacantes remotos enviar paquetes UDP de su elección a dispositivos de la intranet mediante vectores no especificados relacionados con comandos de establecimiento del Protocolo de Iniciación de Sesión (Session Initiation Protocol o SIP), un problema distinto de CVE-2006-4032. NOTA: el fabricante, tras trabajar con el investigador, ha sido incapaz de reproducir el problema. • http://searchsecurity.techtarget.com/originalContent/0%2C289142%2Csid14_gci1207450%2C00.html http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/tsd_products_security_response09186a008070d33b.html http://www.idoel.smilejogja.com/2006/08/14/blinded-by-the-glare-of-facial-piercings-at-black-hat-or-the-one-that-got-away http://www.networkworld.com/news/2006/080406-black-hat-unpatched-flaw-revealed.html?t5 http://www.osvdb.org/29781 http://www.securityfocus.com/bid/19536 •

CVSS: 5.0EPSS: 5%CPEs: 138EXPL: 0

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected. Protocolo Internet Key Exchange (IKE) version 1, implementado para Cisco IOS, VPN 3000 Concentrators, y PIX firewalls, permite a atacantes remotos provocar denegación de servicio (agotamiento de recursos) a través de un flood de paquetes IKE Phase-1 que exceden el ratio de expiración de la sesión. NOTA: se ha indicado que esto es debido a un diseño debil del protocolo IKe version 1, en cuyo caso otros vendedores e implementaciones podrían verse afectados. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html http://securityreason.com/securityalert/1293 http://securitytracker.com/id?1016582 http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html http://www.osvdb.org/29068 http://www.securityfocus.com/archive/1/441203/100/0/threaded http://www.securityfocus.com/bid/19176 https://exchange.xforce.ibmcloud.com/vulnerabilities& •