Skip to main content

Adaptive Security Appliance Software

257 CVEs product

Monthly

CVE-2015-0675 HIGH This Week

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
8.3
EPSS
0.2%
CVE-2014-8023 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Adaptive Security Appliance Software
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-0619 MEDIUM This Month

Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-5557 MEDIUM This Month

The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2015-0578 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local. Rated medium severity (CVSS 5.7). No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
5.7
EPSS
0.6%
CVE-2014-3410 MEDIUM This Month

The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-8012 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3407 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-3394 MEDIUM This Month

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Virtual Appliance Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-3393 MEDIUM This Month

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-3392 HIGH This Week

The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
8.3
EPSS
0.5%
CVE-2014-3391 MEDIUM This Month

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3390 MEDIUM This Month

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-3399 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Code Injection Microsoft RCE Cisco +1
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2014-3398 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-6691 MEDIUM This Month

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Adaptive Security Appliance Software
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2013-5567 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.4
EPSS
1.3%
CVE-2014-2151 MEDIUM This Month

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3264 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2014-2181 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-2182 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
6.1
EPSS
0.6%
CVE-2014-2154 MEDIUM This Month

Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-2129 HIGH This Week

The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
7.1
EPSS
0.4%
CVE-2014-2128 MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-2127 HIGH POC THREAT Act Now

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 30.7%.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
8.5
EPSS
30.7%
Threat
4.1
CVE-2014-2126 HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Adaptive Security Appliance Software
NVD VulDB
CVSS 2.0
8.5
EPSS
0.5%
CVE-2014-0739 MEDIUM This Month

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0738 MEDIUM This Month

The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2013-6707 MEDIUM This Month

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-6696 HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
7.1
EPSS
0.8%
CVE-2013-6682 MEDIUM This Month

The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-5568 HIGH This Week

The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.3%
CVE-2013-5560 MEDIUM This Month

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.4
EPSS
0.6%
CVE-2013-5551 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
6.3
EPSS
1.2%
CVE-2013-5544 MEDIUM This Month

The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
5.4
EPSS
1.3%
CVE-2013-5542 HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
8.5
EPSS
0.8%
CVE-2013-5515 HIGH This Week

The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6),. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.8
EPSS
0.3%
CVE-2013-5513 HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(7), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2013-5512 HIGH This Week

Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Java Race Condition Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.1%
CVE-2013-5511 CRITICAL Act Now

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2013-5510 MEDIUM This Month

The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5509 CRITICAL Act Now

The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2013-5508 HIGH This Week

The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18),. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firewall Services Module Software
NVD
CVSS 2.0
7.1
EPSS
0.4%
CVE-2013-5507 HIGH This Week

The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2013-3415 HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2013-3458 HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.5%
CVE-2013-3463 MEDIUM This Month

The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2013-3414 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-1215 MEDIUM This Month

The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Asa 5500
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-1195 MEDIUM This Month

The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firewall Services Module Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-1199 MEDIUM This Month

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Cisco Adaptive Security Appliance Clientless Ssl Vpn Adaptive Security Appliance Software +1
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-1194 MEDIUM This Month

The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-1193 MEDIUM This Month

The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firewall Services Module Adaptive Security Appliance Software
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-1152 HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-1151 HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17),. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
CVSS 2.0
7.1
EPSS
0.2%
CVE-2013-1150 HIGH This Week

The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Authentication Bypass Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2013-1149 HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance 6500 Series Adaptive Security Appliance +2
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2013-1138 MEDIUM This Month

The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-6395 MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance Asa 1000V Cloud Firewall +1
NVD
CVSS 2.0
6.3
EPSS
1.0%
CVE-2012-5717 MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco Adaptive Security Appliance Software Adaptive Security Appliance +2
NVD
CVSS 2.0
6.3
EPSS
0.3%
CVE-2012-5419 HIGH This Week

Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Asa 1000V Cloud Firewall
NVD
CVSS 2.0
7.8
EPSS
0.7%
CVE-2012-4663 HIGH This Week

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance +10
NVD
CVSS 2.0
7.1
EPSS
1.5%
CVE-2012-4662 HIGH This Week

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance +10
NVD
CVSS 2.0
7.1
EPSS
1.5%
CVE-2012-4661 CRITICAL Act Now

Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance +10
NVD
CVSS 2.0
9.0
EPSS
9.7%
CVE-2012-4660 HIGH This Week

The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance +9
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2012-4659 HIGH This Week

The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Authentication Bypass Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance +9
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2012-4643 HIGH This Week

The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Catalyst 6500 +8
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2012-2474 MEDIUM This Month

Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Cisco 5500 Series Adaptive Security Appliance Adaptive Security Appliance Software
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-2472 HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2012-3058 HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Catalyst 6500 +8
NVD
CVSS 2.0
7.8
EPSS
1.0%
CVE-2012-0378 HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance
NVD
CVSS 2.0
7.8
EPSS
0.4%
CVE-2012-0335 MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-0358 CRITICAL Act Now

Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance
NVD
CVSS 2.0
9.3
EPSS
6.7%
CVE-2012-0356 HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firewall Services Module Software Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance +10
NVD
CVSS 2.0
7.8
EPSS
2.3%
CVE-2012-0355 HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Catalyst 6500 +8
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2012-0354 HIGH This Week

The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Catalyst 6500 +8
NVD
CVSS 2.0
7.1
EPSS
2.0%
CVE-2012-0353 HIGH This Week

The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software 5500 Series Adaptive Security Appliance Catalyst 6500 +8
NVD
CVSS 2.0
7.1
EPSS
2.0%
EPSS 0% CVSS 8.3
HIGH This Week

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local. Rated medium severity (CVSS 5.7). No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Virtual Appliance +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Authentication Bypass +1
NVD
EPSS 0% CVSS 8.3
HIGH This Week

The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Code Injection Microsoft +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD VulDB
EPSS 31% 4.1 CVSS 8.5
HIGH POC THREAT Act Now

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 30.7%.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD VulDB
EPSS 1% CVSS 8.5
HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Privilege Escalation Adaptive Security Appliance Software
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The phone-proxy implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier does not properly validate X.509 certificates, which allows remote attackers to cause a denial. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1.3 and earlier, when NAT64 or NAT66 is enabled, does not properly process NAT rules, which allows remote attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6),. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(7), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Java Race Condition +2
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Adaptive Security Appliance Software
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18),. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do not properly process X.509 certificates, which allows remote attackers to cause a denial of service (device crash) via a large. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco XSS Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Adaptive Security Appliance Software +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firewall Services Module +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Cisco +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firewall Services Module +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17),. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Authentication Bypass +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +4
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The NAT process on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (connections-table memory consumption) via crafted packets, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +2
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Cisco +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +12
NVD
EPSS 2% CVSS 7.1
HIGH This Week

The DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +12
NVD
EPSS 10% CVSS 9.0
CRITICAL Act Now

Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Cisco +12
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.2 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +11
NVD
EPSS 1% CVSS 7.1
HIGH This Week

The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Authentication Bypass +11
NVD
EPSS 1% CVSS 7.1
HIGH This Week

The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +10
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Cisco +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software +1
NVD
EPSS 7% CVSS 9.3
CRITICAL Act Now

Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Cisco +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firewall Services Module Software +12
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4). Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +10
NVD
EPSS 2% CVSS 7.1
HIGH This Week

The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +10
NVD
EPSS 2% CVSS 7.1
HIGH This Week

The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software +10
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy