Skip to main content

Adaptive Security Appliance

42 CVEs product

Monthly

CVE-2023-20107 HIGH This Week

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-20795 HIGH This Week

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-40118 HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Stack Overflow Adaptive Security Appliance +10
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40117 HIGH This Week

A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense +9
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-34793 HIGH This Week

A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2021-34791 MEDIUM This Month

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34790 MEDIUM This Month

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34787 MEDIUM This Month

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software +8
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-3599 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Adaptive Security Appliance Software
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3572 HIGH This Week

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
1.7%
CVE-2020-3564 MEDIUM This Month

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-3561 MEDIUM This Month

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
4.7
EPSS
1.3%
CVE-2020-3555 HIGH This Week

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-3554 HIGH This Week

A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-3529 HIGH This Week

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-3528 HIGH This Week

A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3436 HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense +1
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-3304 HIGH This Week

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
3.8%
CVE-2020-3306 HIGH This Week

A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-3305 HIGH This Week

A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-3303 HIGH This Week

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Microsoft Adaptive Security Appliance Adaptive Security Appliance Software +1
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-12698 HIGH This Week

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-12695 MEDIUM This Month

A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-12693 MEDIUM This Month

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2019-12678 HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco Adaptive Security Appliance Adaptive Security Appliance Software +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12676 HIGH This Week

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2019-12673 HIGH This Week

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Adaptive Security Appliance Adaptive Security Appliance Software +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2017-12265 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-0655 MEDIUM This Month

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-0653 MEDIUM This Month

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-6696 HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2013-3463 MEDIUM This Month

The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2013-3414 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-3382 HIGH This Week

The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-1199 MEDIUM This Month

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Cisco Adaptive Security Appliance Clientless Ssl Vpn Adaptive Security Appliance Software +1
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-1194 MEDIUM This Month

The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5415 MEDIUM This Month

Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Cisco 5500 Adaptive Security Appliance 5500 Series Adaptive Security Appliance +1
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2013-1152 HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-1150 HIGH This Week

The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Authentication Bypass Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-1138 MEDIUM This Month

The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-6395 MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance Asa 1000V Cloud Firewall +1
NVD
CVSS 2.0
6.3
EPSS
1.0%
CVE-2012-5717 MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance +2
NVD
CVSS 2.0
6.3
EPSS
0.3%
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service +12
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service +11
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +10
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance +10
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance +10
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance +10
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance +1
NVD
EPSS 2% CVSS 8.6
HIGH This Week

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Adaptive Security Appliance +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 2% CVSS 8.6
HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Denial Of Service +3
NVD
EPSS 4% CVSS 8.6
HIGH This Week

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the implementation of the Border Gateway Protocol (BGP) module in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Microsoft +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance +2
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco +3
NVD
EPSS 1% CVSS 7.4
HIGH This Week

A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Cisco +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Cisco +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Authentication Bypass +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +2
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy