Vulnerabilities related to cisco - adaptive_security_virtual_appliance
Vulnerability from fkie_nvd
Published
2018-04-19 20:29
Modified
2024-11-21 03:37
Severity
Summary
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.
References
Source | URL | Tags | |
---|---|---|---|
psirt@cisco.com | http://www.securityfocus.com/bid/103934 | Third Party Advisory, VDB Entry | |
psirt@cisco.com | http://www.securitytracker.com/id/1040722 | Broken Link, Third Party Advisory, VDB Entry | |
psirt@cisco.com | https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01 | Third Party Advisory, US Government Resource | |
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103934 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040722 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "64116F5B-671C-46DB-A78D-AB14AAF946FD", versionEndIncluding: "6.1.0.7", versionStartIncluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "BC8A9EB8-D0BF-453B-BB21-5EE5D8E29728", versionEndExcluding: "6.2.0.5", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "F78E5B29-1033-4151-A1C2-063D590C0B34", versionEndExcluding: "6.2.2.2", versionStartIncluding: "6.2.1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "1FA3D6C9-26CC-4E6C-A71A-C50119CC434B", versionEndExcluding: "9.6.4.6", versionStartIncluding: "9.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "EC4174F9-9031-437E-82DE-F58F35594ED0", versionEndExcluding: "9.7.1.24", versionStartIncluding: "9.7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "5F0EB447-BAF2-4ED2-BE4A-02F7FE9E35EE", versionEndExcluding: "9.8.2.24", versionStartIncluding: "9.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "B68B0C20-2628-4355-A48F-619E755305DD", versionEndExcluding: "9.9.1.4", versionStartIncluding: "9.9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "E785C602-BE11-4FFC-A2A7-EC520E220C0F", vulnerable: false, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:*", matchCriteriaId: "A38E373E-438F-44F6-AABF-2C57142507EE", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:7604:-:*:*:*:*:*:*:*", matchCriteriaId: "65973B50-2AA1-4B83-925A-8DB2D4720ADB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:7606-s:-:*:*:*:*:*:*:*", matchCriteriaId: "25DD80A8-F664-4C30-A89F-C2299CCACB7E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:7609-s:-:*:*:*:*:*:*:*", matchCriteriaId: "385DBA44-E84B-4752-8E8E-170EF13784D7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:7613-s:-:*:*:*:*:*:*:*", matchCriteriaId: "A1E30F72-0218-496D-BFAD-CED0AAC5E58E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5505:-:*:*:*:*:*:*:*", matchCriteriaId: "42EACCF8-8E5F-4227-9B09-9F3B40462B29", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5506-x:-:*:*:*:*:*:*:*", matchCriteriaId: "4916B846-AEAD-4C06-9705-048627F27236", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*", matchCriteriaId: "931B9C8E-6AD7-4E05-8E48-27D3931DC8BB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5512-x:-:*:*:*:*:*:*:*", matchCriteriaId: "B202C089-E348-42E0-8818-BB3874B28AFD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5515-x:-:*:*:*:*:*:*:*", matchCriteriaId: "F449766B-F279-41B3-B0D6-049EF05B8DCE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5520:-:*:*:*:*:*:*:*", matchCriteriaId: "7293B424-1022-4013-8A5F-5A023D3DB181", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5540:-:*:*:*:*:*:*:*", matchCriteriaId: "A5FF447F-AE88-4B08-BDE8-26B642BEA80C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5545-x:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF47542-3C2E-4BDB-823F-9A901312C634", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5555-x:-:*:*:*:*:*:*:*", matchCriteriaId: "A567EFB6-9A19-4BC0-8EE2-6E2219D09961", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5585-x:-:*:*:*:*:*:*:*", matchCriteriaId: "70928713-E277-4707-9A8A-3438D1760ECE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*", matchCriteriaId: "763B801D-CA1E-4C56-8B06-3373EA307C7E", 
vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*", matchCriteriaId: "D11AF728-8EB0-45EB-A7DD-F2D52B3BB7B8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*", matchCriteriaId: "92AE506A-E710-465B-B795-470FDE0E0ECA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*", matchCriteriaId: "B091B9BA-D4CA-435B-8D66-602B45F0E0BD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*", matchCriteriaId: "1E07AF10-FFB2-4AC7-BBE7-199C3EFED81F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", matchCriteriaId: "EB71EB29-0115-4307-A9F7-262394FD9FB0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*", matchCriteriaId: "E6287D95-F564-44B7-A0F9-91396D7C2C4E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", matchCriteriaId: "5535C936-391B-4619-AA03-B35265FC15D7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6500-e:-:*:*:*:*:*:*:*", matchCriteriaId: "15B48565-92C7-4AE1-AE3A-6FF7DD010745", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*", matchCriteriaId: "F202892E-2E58-4D77-B983-38AFA51CDBC6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7F57DF3E-4069-4EF0-917E-84CDDFCEBEEF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*", matchCriteriaId: "0BE25114-ABBC-47A0-9C20-E8D40D721313", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*", matchCriteriaId: "FADD5F49-2817-40EC-861C-C922825708BD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*", matchCriteriaId: "E628F9C4-98C6-4A95-AF81-F1E6A56E8648", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFF899C-1EB3-46D8-9003-EA36A68C90B3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*", matchCriteriaId: "E6463491-F63E-44CB-A1D4-C029BE7D3D3D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*", matchCriteriaId: "D8668D34-096B-4FC3-B9B1-0ECFD6265778", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*", matchCriteriaId: "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*", matchCriteriaId: "38AE6DC0-2B03-4D36-9856-42530312CC46", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*", matchCriteriaId: "3DB2822B-B752-4CD9-A178-934957E306B4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*", matchCriteriaId: "65378F3A-777C-4AE2-87FB-1E7402F9EA1B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", matchCriteriaId: "07DAFDDA-718B-4B69-A524-B0CEB80FE960", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:isa-3000-2c2f:-:*:*:*:*:*:*:*", matchCriteriaId: "646795EF-D545-44FE-ADD9-E950783CF976", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:isa-3000-4c:-:*:*:*:*:*:*:*", matchCriteriaId: "A81184F2-631A-46FA-AB96-2B2D20FBEC8D", vulnerable: false, }, ], negate: false, operator: "OR", }, 
], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, { lang: "es", value: "Múltiples vulnerabilidades en la característica Application Layer Protocol de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podrían permitir que un atacante remoto no autenticado desencadene una recarga del dispositivo afectado, lo que resulta en una denegación de servicio (DoS). Las vulnerabilidades se deben a errores de lógica durante la inspección de tráfico. Un atacante podría explotar estas vulnerabilidades enviando un gran volumen de tráfico malicioso a través de un dispositivo afectado. 
Su explotación podría permitir que el atacante provoque una condición de deadlock, lo que resulta en la recarga del dispositivo afectado. Estas vulnerabilidades afectan a las versiones de Cisco ASA Software y Cisco FTD Software configuradas para la inspección de Application Layer Protocol en los siguientes productos de Cisco: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module y FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, ], id: "CVE-2018-0240", lastModified: "2024-11-21T03:37:47.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-19T20:29:00.817", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://www.securityfocus.com/bid/103934", }, { source: "psirt@cisco.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040722", }, { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-10-10 10:55
Modified
2024-11-21 02:08
Severity
Summary
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "E785C602-BE11-4FFC-A2A7-EC520E220C0F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*", matchCriteriaId: "70158003-F6CA-4A5C-893C-BF885A388D31", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8F2C8AFA-A4B6-44A2-B00C-1950997493C0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4B9B36FF-1061-4DBD-8910-8312FF20EDB5", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "465313C5-BFB9-458A-8150-8F7BA1F8C386", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*", matchCriteriaId: "EE7A928A-2CBA-43BC-B312-975EE9E24830", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:*", matchCriteriaId: "4CF721BA-25FF-485E-9102-5741AC9BC9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:*", matchCriteriaId: "3F34D78E-68C9-4372-85F2-E74A1C8C06F3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:*", matchCriteriaId: "05748A45-8423-42F4-8F95-7BA83548C4E9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "1C15D1F6-997D-47FD-A654-AEF3332E6105", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:*", matchCriteriaId: "FA3E5F50-CBD1-4516-BC97-3AF59DB39A84", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.1:*:*:*:*:*:*:*", matchCriteriaId: 
"62B54134-5AC7-4D7E-A7F1-D4C2057FF146", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.4:*:*:*:*:*:*:*", matchCriteriaId: "1AFE499E-09BB-4C86-AC74-7568B2D3CA51", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5:*:*:*:*:*:*:*", matchCriteriaId: "6A0B5BF7-18FB-4066-947E-7352B9951AFD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.13:*:*:*:*:*:*:*", matchCriteriaId: "B42DD43A-B6BD-4C2B-BA57-928501C62388", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.22:*:*:*:*:*:*:*", matchCriteriaId: "BDE65B75-4987-4E77-8814-F7BC9875924A", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.26:*:*:*:*:*:*:*", matchCriteriaId: "C890603E-6634-46E2-AFA9-ADE8ED1B9E41", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.33:*:*:*:*:*:*:*", matchCriteriaId: "AEBAB79E-83BF-4AD1-875B-D015A18ECB82", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.40:*:*:*:*:*:*:*", matchCriteriaId: "9DA41C5E-F854-4729-9498-C54FA5C00664", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.41:*:*:*:*:*:*:*", matchCriteriaId: "7B08E743-488A-4F99-ABA6-98AD534B603B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.46:*:*:*:*:*:*:*", matchCriteriaId: "978A0B9D-1B1D-4E22-893C-52DE75247BA6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.48:*:*:*:*:*:*:*", matchCriteriaId: "FD17927A-7AFA-4177-A34E-5FEB7A9400AC", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*", matchCriteriaId: "989F9AC4-C2D1-49A0-95C3-79A4EB827E07", vulnerable: true, }, { criteria: 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BFE2E079-D7AC-4FE9-8938-A75C12AF5CA4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*", matchCriteriaId: "B442C852-2465-4EA8-A977-1F10A4CE23AA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*", matchCriteriaId: "C6DB6ED4-3095-46C1-9CB6-2975A7B05303", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EE68CD8E-B9CF-4519-8B0E-4C4488B34887", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*", matchCriteriaId: "D762C9A7-005C-44FD-9BB2-7A1DD4EBE90B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*", matchCriteriaId: "EE0B1212-87F3-46E5-B14A-C0C6BBAAAC98", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*", matchCriteriaId: "518D4826-06B0-4DDC-B082-A536418FD292", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*", matchCriteriaId: "E343DE08-58FA-4C39-99F9-8CB5F57D0CD8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*", matchCriteriaId: "76363698-DB62-4D92-8EE4-069891A9F92C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "6159BEE3-D097-4E07-9962-06DB740E2AE3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.3:*:*:*:*:*:*:*", matchCriteriaId: "FD606591-F69A-47AD-9256-20B98CA16135", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A4EF3895-F372-45D3-9C7D-15F5C4712D08", vulnerable: true, }, 
{ criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.9:*:*:*:*:*:*:*", matchCriteriaId: "4DC5960D-B917-4ABA-850F-A710676ACB40", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:*", matchCriteriaId: "B746A138-6650-49A3-87C8-3728FE5CF215", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5.6:*:*:*:*:*:*:*", matchCriteriaId: "E50C2A13-5A8B-4FA5-ABB8-1157E560503B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.6:*:*:*:*:*:*:*", matchCriteriaId: "909F9D55-9276-4CF1-BC63-7CEEF8F25C21", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7:*:*:*:*:*:*:*", matchCriteriaId: "F383D276-D5EC-4335-AC09-9D30F6443AF0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.3:*:*:*:*:*:*:*", matchCriteriaId: "39C2A7FF-6AC3-42B5-954A-9AA5950C523A", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1:*:*:*:*:*:*:*", matchCriteriaId: "3FF969BE-46BB-4AD7-85AB-8384426E9551", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F8EEA7A5-67FD-4CA4-8FF8-4B17A9C47B61", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "94E618B3-DD03-4ECD-AB9B-97F1EDF95E79", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.5:*:*:*:*:*:*:*", matchCriteriaId: "0D0DFE19-1C68-40E6-B8CD-9CC03F8B4281", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.10:*:*:*:*:*:*:*", matchCriteriaId: "20424324-881A-496B-BC55-62AA75994249", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.12:*:*:*:*:*:*:*", matchCriteriaId: "D67012F3-5153-400E-BD6F-EB0949875F2B", 
vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.13:*:*:*:*:*:*:*", matchCriteriaId: "E40E9AB5-26E0-4BA2-9AFA-496BAA0EAC77", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*", matchCriteriaId: "04C8C6E9-D5C3-42DC-B431-9097B2FCCB52", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*", matchCriteriaId: "F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*", matchCriteriaId: "7C80EAFF-E577-414A-9DDE-D27A41CB3DC9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*", matchCriteriaId: "26CC07CC-0C79-48ED-BEB6-4B576A0DBD68", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*", matchCriteriaId: "1576FC7F-B7DD-41DD-A95E-23B1F86E4B02", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "500ED3CC-4FE8-4A24-ACFE-8D7E35E50D22", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BD2AE76B-D04E-4D0C-85E4-8AD07F7BDEDB", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*", matchCriteriaId: "A6E1C03C-0737-4E2B-B3F9-10770281F4AA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5C7052D2-0789-4A4D-917D-FCD894B7280F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*", matchCriteriaId: "0956F0A8-7424-437C-AAD8-203183BEBFCC", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*", matchCriteriaId: 
"49FB57F9-5B37-4509-B2EB-6A16DFE11F03", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "952F6504-9CD0-453E-8C25-02BB9EE818F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "E842AF74-D1E3-4F71-80F9-197B38942405", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A0B97FB1-CC3A-40B5-853D-476E6C5D9D6A", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "3F6293A8-C21E-46F6-ACC1-6BBAD419B41F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4714F698-BBAE-47BB-99E8-F90D22415EDD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1.4:*:*:*:*:*:*:*", matchCriteriaId: "EB55BC7E-0B3F-4202-8768-08F27B763926", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2:*:*:*:*:*:*:*", matchCriteriaId: "CFB01683-C482-4A5B-90FA-B5266BEA452E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "DA16481A-4A47-4A8E-8C78-87B3A171280A", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3:*:*:*:*:*:*:*", matchCriteriaId: "8C0258ED-6ED0-49C7-A13A-368711649FFF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "1B7A71AA-E1A6-47B7-B2B2-A3115CAA4058", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D448BB56-5B2E-4B3E-B7E8-1F4991F23D81", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5:*:*:*:*:*:*:*", 
matchCriteriaId: "2049D602-54F1-4072-936E-0D7E337162B8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:asa_1000v_cloud_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "9182B547-0BCA-4700-8F3E-257EB5D4D4F6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*", matchCriteriaId: "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*", matchCriteriaId: "08F0F160-DAD2-48D4-B7B2-4818B2526F35", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*", matchCriteriaId: "977D597B-F6DE-4438-AB02-06BE64D71EBE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*", matchCriteriaId: "EB71EB29-0115-4307-A9F7-262394FD9FB0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*", matchCriteriaId: "57179F60-E330-4FF0-9664-B1E4637FF210", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*", matchCriteriaId: "5535C936-391B-4619-AA03-B35265FC15D7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*", matchCriteriaId: "16AE20C2-C77E-4E04-BF13-A48696E52426", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.", }, { lang: "es", value: "La implementación Smart Call Home (SCH) en Cisco ASA Software 8.2 anterior a 8.2(5.50), 8.4 anterior a 8.4(7.15), 8.6 anterior a 8.6(1.14), 8.7 anterior a 8.7(1.13), 9.0 
anterior a 9.0(4.8), y 9.1 anterior a 9.1(5.1) permite a atacantes remotos evadir la validación de certificados a través de un certificado VeriSign arbitrario, también conocido como Bug ID CSCun10916.", }, ], id: "CVE-2014-3394", lastModified: "2024-11-21T02:08:00.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-10T10:55:06.680", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-16 13:15
Modified
2024-11-21 05:44
Severity
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.
References
Impacted products
Vendor | Product | Version
---|---|---
cisco | adaptive_security_appliance_software | 9.16.1
cisco | firepower_threat_defense | 7.0.0.0
cisco | adaptive_security_virtual_appliance | -
cisco | firepower_2100 | -
cisco | firepower_2110 | -
cisco | firepower_2120 | -
cisco | firepower_2130 | -
cisco | firepower_2140 | -
cisco | ftd_virtual | -
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*", matchCriteriaId: "13F57A86-6284-4269-823E-B30C57185D14", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:firepower_threat_defense:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "90C0208A-CF86-47EB-AC1E-F1BBB4D4A5B9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "E785C602-BE11-4FFC-A2A7-EC520E220C0F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*", matchCriteriaId: "D23A26EF-5B43-437C-A962-4FC69D8A0FF4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:ftd_virtual:-:*:*:*:*:*:*:*", matchCriteriaId: "A8E41ECE-56CB-4B41-AE96-B19EFA53EAD1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. 
The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.", }, { lang: "es", value: "Una vulnerabilidad en el módulo de criptografía de software de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software, podría permitir a un atacante remoto autenticado o a un atacante no autenticado en una posición de tipo man-in-the-middle causar una recarga inesperada del dispositivo que resulta en una condición de denegación de servicio (DoS). La vulnerabilidad es debido a un error lógico en como el módulo de criptografía del software maneja tipos específicos de errores de descifrado. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes maliciosos a través de una conexión IPsec establecida. Una explotación con éxito podría causar el bloqueo del dispositivo, obligándolo a recargarse. Importante: Una explotación con éxito de esta vulnerabilidad no causaría un compromiso de ningún dato encriptado. 
Nota: Esta vulnerabilidad sólo afecta la versión 9.16.1 del software Cisco ASA y la versión 7.0.0 del software Cisco FTD", }, ], id: "CVE-2021-1422", lastModified: "2024-11-21T05:44:19.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-16T13:15:08.783", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-617", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-617", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-03 17:29
Modified
2024-11-21 04:37
Summary
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.
References
Source | URL | Tags
---|---|---
psirt@cisco.com | http://www.securityfocus.com/bid/108185 | Third Party Advisory, VDB Entry
psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108185 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn | Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "C8F292C5-67ED-4F18-B6C4-5873BB771C3D", versionEndExcluding: "6.2.3.12", versionStartIncluding: "6.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*", matchCriteriaId: "9A16803C-579C-4992-B37E-7CEC17307659", versionEndExcluding: "6.3.0.3", versionStartIncluding: "6.3.0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "C812C8D5-3159-434C-8B9F-8CB0A8767923", versionEndExcluding: "9.8.4", versionStartIncluding: "9.7", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "ABCD2AF8-97D4-45C6-B80E-D5FA9B719BD5", versionEndExcluding: "9.9.2.50", versionStartIncluding: "9.9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", matchCriteriaId: "B4C6B343-2D4D-4C7E-A59E-629773DD2E60", versionEndExcluding: "9.10.1.17", versionStartIncluding: "9.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "E785C602-BE11-4FFC-A2A7-EC520E220C0F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5506-x:-:*:*:*:*:*:*:*", matchCriteriaId: "4916B846-AEAD-4C06-9705-048627F27236", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*", matchCriteriaId: "931B9C8E-6AD7-4E05-8E48-27D3931DC8BB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5506w-x:-:*:*:*:*:*:*:*", matchCriteriaId: "D78BA13B-49B2-4ECF-A69D-5C14EAB6B118", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5508-x:-:*:*:*:*:*:*:*", matchCriteriaId: "5806FA7C-356B-45BB-ABB0-54B87167AF77", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5516-x:-:*:*:*:*:*:*:*", matchCriteriaId: 
"93289CFF-6A07-46F2-A2E0-5C43C67E0DCD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5525-x:-:*:*:*:*:*:*:*", matchCriteriaId: "45A11CA4-D93C-4D32-81C7-E3CF71EC4BBB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5545-x:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF47542-3C2E-4BDB-823F-9A901312C634", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:asa-5555-x:-:*:*:*:*:*:*:*", matchCriteriaId: "A567EFB6-9A19-4BC0-8EE2-6E2219D09961", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*", matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*", matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*", matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*", matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*", matchCriteriaId: "9E9552E6-0B9B-4B32-BE79-90D4E3887A7B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*", matchCriteriaId: "07DAFDDA-718B-4B69-A524-B0CEB80FE960", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*", matchCriteriaId: "9510E97A-FD78-43C6-85BC-223001ACA264", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. 
The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.", }, { lang: "es", value: "Una vulnerabilidad en la implementación del Security Assertion Markup Language (SAML) versión 2.0 Single Sign-On (SSO) para VPN SSL sin clientes (WebVPN) y AnyConnect Remote Access VPN en Cisco Adaptive Security Appliance (ASA) Programa y Cisco Firepower Threat Defense (FTD) El programa podría permitir a un atacante remoto no autenticado establecer con éxito una sesión VPN en un dispositivo afectado. La vulnerabilidad se debe a una gestión inadecuada de las credenciales cuando se utiliza NT LAN Manager (NTLM) o autenticación básica. Un atacante podría explotar esta vulnerabilidad abriendo una sesión VPN a un dispositivo afectado después de que otro usuario VPN se haya autenticado con éxito en el dispositivo afectado a través de SAML SSO. 
Un exploit con éxito podría permitir al atacante conectarse a redes seguras detrás del dispositivo afectado.", }, ], id: "CVE-2019-1714", lastModified: "2024-11-21T04:37:09.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-03T17:29:00.533", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108185", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-255", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2014-3394
Vulnerability from cvelistv5
Published
2014-10-10 10:00
Modified
2024-08-06 10:43
Summary
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.
References
URL | Tags
---|---
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa | vendor-advisory, x_refsource_CISCO
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:43:05.539Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20141008 Multiple Vulnerabilities in Cisco ASA Software", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-08T00:00:00", descriptions: [ { lang: "en", value: "The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-10-10T05:57:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20141008 Multiple Vulnerabilities in Cisco ASA Software", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2014-3394", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), 
and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20141008 Multiple Vulnerabilities in Cisco ASA Software", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2014-3394", datePublished: "2014-10-10T10:00:00", dateReserved: "2014-05-07T00:00:00", dateUpdated: "2024-08-06T10:43:05.539Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1714
Vulnerability from cvelistv5
Published
2019-05-03 16:15
Modified
2024-11-19 19:08
Summary
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn | vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/108185 | vdb-entry, x_refsource_BID
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Adaptive Security Appliance (ASA) Software | unspecified < 9.8.4; unspecified < 9.9.2.50; unspecified < 9.10.1.17
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:28:42.818Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn", }, { name: "108185", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108185", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1714", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T17:24:19.883643Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T19:08:27.857Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Adaptive Security Appliance (ASA) Software", vendor: "Cisco", versions: [ { lessThan: "9.8.4", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "9.9.2.50", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "9.10.1.17", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Cisco Firepower Threat Defense (FTD) Software", vendor: "Cisco", versions: [ { lessThan: "6.2.3.12", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "6.3.0.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-05-01T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN 
(WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-255", description: "CWE-255", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-08T08:05:59", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn", }, { name: "108185", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108185", }, ], source: { advisory: "cisco-sa-20190501-asaftd-saml-vpn", defect: [ [ 
"CSCvn72570", ], ], discovery: "INTERNAL", }, title: "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-05-01T16:00:00-0700", ID: "CVE-2019-1714", STATE: "PUBLIC", TITLE: "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Adaptive Security Appliance (ASA) Software", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "9.8.4", }, { affected: "<", version_affected: "<", version_value: "9.9.2.50", }, { affected: "<", version_affected: "<", version_value: "9.10.1.17", }, ], }, }, { product_name: "Cisco Firepower Threat Defense (FTD) Software", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "6.2.3.12", }, { affected: "<", version_affected: "<", version_value: "6.3.0.3", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. 
A successful exploit could allow the attacker to connect to secured networks behind the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "5.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-255", }, ], }, ], }, references: { reference_data: [ { name: "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn", }, { name: "108185", refsource: "BID", url: "http://www.securityfocus.com/bid/108185", }, ], }, source: { advisory: "cisco-sa-20190501-asaftd-saml-vpn", defect: [ [ "CSCvn72570", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1714", datePublished: "2019-05-03T16:15:18.833510Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-19T19:08:27.857Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1422
Vulnerability from cvelistv5
Published
2021-07-16 12:25
Modified
2024-11-07 22:06
Summary
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC | vendor-advisory, x_refsource_CISCO
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco Adaptive Security Appliance (ASA) Software | n/a
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:11:17.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210715 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1422", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T21:41:12.282761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T22:06:04.583Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Adaptive Security Appliance (ASA) Software", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-07-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. 
Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-16T12:25:14", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210715 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC", }, ], source: { advisory: "cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC", defect: [ [ "CSCvy66711", ], ], discovery: "INTERNAL", }, title: "Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-07-15T23:00:00", ID: "CVE-2021-1422", STATE: "PUBLIC", TITLE: "Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability", }, affects: { 
vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Adaptive Security Appliance (ASA) Software", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. 
Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.7", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-617", }, ], }, ], }, references: { reference_data: [ { name: "20210715 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC", }, ], }, source: { advisory: "cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC", defect: [ [ "CSCvy66711", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1422", datePublished: "2021-07-16T12:25:14.725100Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-07T22:06:04.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0240
Vulnerability from cvelistv5
Published
2018-04-19 20:00
Modified
2024-11-29 15:17
Summary
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.
References
URL | Tags
---|---
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect | x_refsource_CONFIRM
http://www.securitytracker.com/id/1040722 | vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/103934 | vdb-entry, x_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
n/a | Cisco Adaptive Security Appliance | Cisco Adaptive Security Appliance
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:14.947Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { name: "1040722", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040722", }, { name: "103934", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103934", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0240", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:44:25.368518Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T15:17:08.486Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Adaptive Security Appliance", vendor: "n/a", versions: [ { status: "affected", version: "Cisco Adaptive Security Appliance", }, ], }, ], datePublic: "2018-04-19T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. 
An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-399", description: "CWE-399", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-05T17:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { name: "1040722", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040722", }, { name: "103934", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103934", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2018-0240", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Adaptive Security Appliance", version: { version_data: [ { version_value: "Cisco Adaptive Security Appliance", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the 
Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). 
Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-399", }, ], }, ], }, references: { reference_data: [ { name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", refsource: "CONFIRM", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect", }, { name: "1040722", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040722", }, { name: "103934", refsource: "BID", url: "http://www.securityfocus.com/bid/103934", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0240", datePublished: "2018-04-19T20:00:00", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-29T15:17:08.486Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }