All the vulnerabilites related to cisco - adaptive_security_virtual_appliance
Vulnerability from fkie_nvd
Published
2014-10-10 10:55
Modified
2024-11-21 02:08
Severity ?
Summary
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.
Impacted products
Vendor Product Version
cisco adaptive_security_virtual_appliance -
cisco adaptive_security_appliance_software 8.2.0.45
cisco adaptive_security_appliance_software 8.2.1
cisco adaptive_security_appliance_software 8.2.1.1
cisco adaptive_security_appliance_software 8.2.2
cisco adaptive_security_appliance_software 8.2.2.10
cisco adaptive_security_appliance_software 8.2.2.12
cisco adaptive_security_appliance_software 8.2.2.16
cisco adaptive_security_appliance_software 8.2.2.17
cisco adaptive_security_appliance_software 8.2.3
cisco adaptive_security_appliance_software 8.2.4
cisco adaptive_security_appliance_software 8.2.4.1
cisco adaptive_security_appliance_software 8.2.4.4
cisco adaptive_security_appliance_software 8.2.5
cisco adaptive_security_appliance_software 8.2.5.13
cisco adaptive_security_appliance_software 8.2.5.22
cisco adaptive_security_appliance_software 8.2.5.26
cisco adaptive_security_appliance_software 8.2.5.33
cisco adaptive_security_appliance_software 8.2.5.40
cisco adaptive_security_appliance_software 8.2.5.41
cisco adaptive_security_appliance_software 8.2.5.46
cisco adaptive_security_appliance_software 8.2.5.48
cisco adaptive_security_appliance_software 8.4.1
cisco adaptive_security_appliance_software 8.4.1.3
cisco adaptive_security_appliance_software 8.4.1.11
cisco adaptive_security_appliance_software 8.4.2
cisco adaptive_security_appliance_software 8.4.2.1
cisco adaptive_security_appliance_software 8.4.2.8
cisco adaptive_security_appliance_software 8.4.3
cisco adaptive_security_appliance_software 8.4.3.8
cisco adaptive_security_appliance_software 8.4.3.9
cisco adaptive_security_appliance_software 8.4.4
cisco adaptive_security_appliance_software 8.4.4.1
cisco adaptive_security_appliance_software 8.4.4.3
cisco adaptive_security_appliance_software 8.4.4.5
cisco adaptive_security_appliance_software 8.4.4.9
cisco adaptive_security_appliance_software 8.4.5
cisco adaptive_security_appliance_software 8.4.5.6
cisco adaptive_security_appliance_software 8.4.6
cisco adaptive_security_appliance_software 8.4.7
cisco adaptive_security_appliance_software 8.4.7.3
cisco adaptive_security_appliance_software 8.6.1
cisco adaptive_security_appliance_software 8.6.1.1
cisco adaptive_security_appliance_software 8.6.1.2
cisco adaptive_security_appliance_software 8.6.1.5
cisco adaptive_security_appliance_software 8.6.1.10
cisco adaptive_security_appliance_software 8.6.1.12
cisco adaptive_security_appliance_software 8.6.1.13
cisco adaptive_security_appliance_software 8.7.1
cisco adaptive_security_appliance_software 8.7.1.3
cisco adaptive_security_appliance_software 8.7.1.4
cisco adaptive_security_appliance_software 8.7.1.7
cisco adaptive_security_appliance_software 8.7.1.11
cisco adaptive_security_appliance_software 9.0.1
cisco adaptive_security_appliance_software 9.0.2
cisco adaptive_security_appliance_software 9.0.2.10
cisco adaptive_security_appliance_software 9.0.3
cisco adaptive_security_appliance_software 9.0.3.6
cisco adaptive_security_appliance_software 9.0.3.8
cisco adaptive_security_appliance_software 9.0.4
cisco adaptive_security_appliance_software 9.0.4.1
cisco adaptive_security_appliance_software 9.0.4.5
cisco adaptive_security_appliance_software 9.0.4.7
cisco adaptive_security_appliance_software 9.1.1
cisco adaptive_security_appliance_software 9.1.1.4
cisco adaptive_security_appliance_software 9.1.2
cisco adaptive_security_appliance_software 9.1.2.8
cisco adaptive_security_appliance_software 9.1.3
cisco adaptive_security_appliance_software 9.1.3.2
cisco adaptive_security_appliance_software 9.1.4
cisco adaptive_security_appliance_software 9.1.5
cisco asa_1000v_cloud_firewall -
cisco asa_5505 -
cisco asa_5512-x -
cisco asa_5515-x -
cisco asa_5525-x -
cisco asa_5545-x -
cisco asa_5555-x -
cisco asa_5580 -
cisco asa_5585-x -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E785C602-BE11-4FFC-A2A7-EC520E220C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "70158003-F6CA-4A5C-893C-BF885A388D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2C8AFA-A4B6-44A2-B00C-1950997493C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9B36FF-1061-4DBD-8910-8312FF20EDB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "465313C5-BFB9-458A-8150-8F7BA1F8C386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE7A928A-2CBA-43BC-B312-975EE9E24830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF721BA-25FF-485E-9102-5741AC9BC9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F34D78E-68C9-4372-85F2-E74A1C8C06F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "05748A45-8423-42F4-8F95-7BA83548C4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C15D1F6-997D-47FD-A654-AEF3332E6105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3E5F50-CBD1-4516-BC97-3AF59DB39A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B54134-5AC7-4D7E-A7F1-D4C2057FF146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AFE499E-09BB-4C86-AC74-7568B2D3CA51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0B5BF7-18FB-4066-947E-7352B9951AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B42DD43A-B6BD-4C2B-BA57-928501C62388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE65B75-4987-4E77-8814-F7BC9875924A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "C890603E-6634-46E2-AFA9-ADE8ED1B9E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEBAB79E-83BF-4AD1-875B-D015A18ECB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA41C5E-F854-4729-9498-C54FA5C00664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B08E743-488A-4F99-ABA6-98AD534B603B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "978A0B9D-1B1D-4E22-893C-52DE75247BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD17927A-7AFA-4177-A34E-5FEB7A9400AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "989F9AC4-C2D1-49A0-95C3-79A4EB827E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE2E079-D7AC-4FE9-8938-A75C12AF5CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B442C852-2465-4EA8-A977-1F10A4CE23AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DB6ED4-3095-46C1-9CB6-2975A7B05303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE68CD8E-B9CF-4519-8B0E-4C4488B34887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D762C9A7-005C-44FD-9BB2-7A1DD4EBE90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B1212-87F3-46E5-B14A-C0C6BBAAAC98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "518D4826-06B0-4DDC-B082-A536418FD292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E343DE08-58FA-4C39-99F9-8CB5F57D0CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "76363698-DB62-4D92-8EE4-069891A9F92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6159BEE3-D097-4E07-9962-06DB740E2AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD606591-F69A-47AD-9256-20B98CA16135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EF3895-F372-45D3-9C7D-15F5C4712D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC5960D-B917-4ABA-850F-A710676ACB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B746A138-6650-49A3-87C8-3728FE5CF215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E50C2A13-5A8B-4FA5-ABB8-1157E560503B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "909F9D55-9276-4CF1-BC63-7CEEF8F25C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F383D276-D5EC-4335-AC09-9D30F6443AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C2A7FF-6AC3-42B5-954A-9AA5950C523A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF969BE-46BB-4AD7-85AB-8384426E9551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EEA7A5-67FD-4CA4-8FF8-4B17A9C47B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E618B3-DD03-4ECD-AB9B-97F1EDF95E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0DFE19-1C68-40E6-B8CD-9CC03F8B4281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "20424324-881A-496B-BC55-62AA75994249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D67012F3-5153-400E-BD6F-EB0949875F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E40E9AB5-26E0-4BA2-9AFA-496BAA0EAC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C8C6E9-D5C3-42DC-B431-9097B2FCCB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C80EAFF-E577-414A-9DDE-D27A41CB3DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26CC07CC-0C79-48ED-BEB6-4B576A0DBD68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1576FC7F-B7DD-41DD-A95E-23B1F86E4B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "500ED3CC-4FE8-4A24-ACFE-8D7E35E50D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD2AE76B-D04E-4D0C-85E4-8AD07F7BDEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E1C03C-0737-4E2B-B3F9-10770281F4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C7052D2-0789-4A4D-917D-FCD894B7280F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0956F0A8-7424-437C-AAD8-203183BEBFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FB57F9-5B37-4509-B2EB-6A16DFE11F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "952F6504-9CD0-453E-8C25-02BB9EE818F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E842AF74-D1E3-4F71-80F9-197B38942405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0B97FB1-CC3A-40B5-853D-476E6C5D9D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6293A8-C21E-46F6-ACC1-6BBAD419B41F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4714F698-BBAE-47BB-99E8-F90D22415EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB55BC7E-0B3F-4202-8768-08F27B763926",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB01683-C482-4A5B-90FA-B5266BEA452E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA16481A-4A47-4A8E-8C78-87B3A171280A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0258ED-6ED0-49C7-A13A-368711649FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B7A71AA-E1A6-47B7-B2B2-A3115CAA4058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D448BB56-5B2E-4B3E-B7E8-1F4991F23D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2049D602-54F1-4072-936E-0D7E337162B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asa_1000v_cloud_firewall:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9182B547-0BCA-4700-8F3E-257EB5D4D4F6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E6A8BB7-2000-4CA2-9DD7-89573CE4C73A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n Smart Call Home (SCH) en Cisco ASA Software 8.2 anterior a 8.2(5.50), 8.4 anterior a 8.4(7.15), 8.6 anterior a 8.6(1.14), 8.7 anterior a 8.7(1.13), 9.0 anterior a 9.0(4.8), y 9.1 anterior a 9.1(5.1) permite a atacantes remotos evadir la validaci\u00f3n de certificados a trav\u00e9s de un certificado VeriSign arbitrario, tambi\u00e9n conocido como Bug ID CSCun10916."
    }
  ],
  "id": "CVE-2014-3394",
  "lastModified": "2024-11-21T02:08:00.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-10T10:55:06.680",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-03 17:29
Modified
2024-11-21 04:37
Summary
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F292C5-67ED-4F18-B6C4-5873BB771C3D",
              "versionEndExcluding": "6.2.3.12",
              "versionStartIncluding": "6.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A16803C-579C-4992-B37E-7CEC17307659",
              "versionEndExcluding": "6.3.0.3",
              "versionStartIncluding": "6.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C812C8D5-3159-434C-8B9F-8CB0A8767923",
              "versionEndExcluding": "9.8.4",
              "versionStartIncluding": "9.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABCD2AF8-97D4-45C6-B80E-D5FA9B719BD5",
              "versionEndExcluding": "9.9.2.50",
              "versionStartIncluding": "9.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4C6B343-2D4D-4C7E-A59E-629773DD2E60",
              "versionEndExcluding": "9.10.1.17",
              "versionStartIncluding": "9.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E785C602-BE11-4FFC-A2A7-EC520E220C0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5506-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4916B846-AEAD-4C06-9705-048627F27236",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "931B9C8E-6AD7-4E05-8E48-27D3931DC8BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5506w-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D78BA13B-49B2-4ECF-A69D-5C14EAB6B118",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5508-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5806FA7C-356B-45BB-ABB0-54B87167AF77",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5516-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "93289CFF-6A07-46F2-A2E0-5C43C67E0DCD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5525-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A11CA4-D93C-4D32-81C7-E3CF71EC4BBB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5545-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF47542-3C2E-4BDB-823F-9A901312C634",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5555-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A567EFB6-9A19-4BC0-8EE2-6E2219D09961",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E9552E6-0B9B-4B32-BE79-90D4E3887A7B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:isa_3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9510E97A-FD78-43C6-85BC-223001ACA264",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n del Security Assertion Markup Language (SAML) versi\u00f3n 2.0 Single Sign-On (SSO) para VPN SSL sin clientes (WebVPN) y AnyConnect Remote Access VPN en Cisco Adaptive Security Appliance (ASA) Programa y Cisco Firepower Threat Defense (FTD) El programa podr\u00eda permitir a un atacante remoto no autenticado establecer con \u00e9xito una sesi\u00f3n VPN en un dispositivo afectado. La vulnerabilidad se debe a una gesti\u00f3n inadecuada de las credenciales cuando se utiliza NT LAN Manager (NTLM) o autenticaci\u00f3n b\u00e1sica. Un atacante podr\u00eda explotar esta vulnerabilidad abriendo una sesi\u00f3n VPN a un dispositivo afectado despu\u00e9s de que otro usuario VPN se haya autenticado con \u00e9xito en el dispositivo afectado a trav\u00e9s de SAML SSO. Un exploit con \u00e9xito podr\u00eda permitir al atacante conectarse a redes seguras detr\u00e1s del dispositivo afectado."
    }
  ],
  "id": "CVE-2019-1714",
  "lastModified": "2024-11-21T04:37:09.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-03T17:29:00.533",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108185"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-16 13:15
Modified
2024-11-21 05:44
Summary
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13F57A86-6284-4269-823E-B30C57185D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:firepower_threat_defense:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C0208A-CF86-47EB-AC1E-F1BBB4D4A5B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E785C602-BE11-4FFC-A2A7-EC520E220C0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23A26EF-5B43-437C-A962-4FC69D8A0FF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ftd_virtual:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E41ECE-56CB-4B41-AE96-B19EFA53EAD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el m\u00f3dulo de criptograf\u00eda de software de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software, podr\u00eda permitir a un atacante remoto autenticado o a un atacante no autenticado en una posici\u00f3n de tipo man-in-the-middle causar una recarga inesperada del dispositivo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a un error l\u00f3gico en como el m\u00f3dulo de criptograf\u00eda del software maneja tipos espec\u00edficos de errores de descifrado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes maliciosos a trav\u00e9s de una conexi\u00f3n IPsec establecida. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar el bloqueo del dispositivo, oblig\u00e1ndolo a recargarse. Importante: Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad no causar\u00eda un compromiso de ning\u00fan dato encriptado. Nota: Esta vulnerabilidad s\u00f3lo afecta la versi\u00f3n 9.16.1 del software Cisco ASA y la versi\u00f3n 7.0.0 del software Cisco FTD"
    }
  ],
  "id": "CVE-2021-1422",
  "lastModified": "2024-11-21T05:44:19.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-16T13:15:08.783",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-19 20:29
Modified
2024-11-21 03:37
Summary
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64116F5B-671C-46DB-A78D-AB14AAF946FD",
              "versionEndIncluding": "6.1.0.7",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8A9EB8-D0BF-453B-BB21-5EE5D8E29728",
              "versionEndExcluding": "6.2.0.5",
              "versionStartIncluding": "6.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F78E5B29-1033-4151-A1C2-063D590C0B34",
              "versionEndExcluding": "6.2.2.2",
              "versionStartIncluding": "6.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA3D6C9-26CC-4E6C-A71A-C50119CC434B",
              "versionEndExcluding": "9.6.4.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4174F9-9031-437E-82DE-F58F35594ED0",
              "versionEndExcluding": "9.7.1.24",
              "versionStartIncluding": "9.7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0EB447-BAF2-4ED2-BE4A-02F7FE9E35EE",
              "versionEndExcluding": "9.8.2.24",
              "versionStartIncluding": "9.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B68B0C20-2628-4355-A48F-619E755305DD",
              "versionEndExcluding": "9.9.1.4",
              "versionStartIncluding": "9.9.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E785C602-BE11-4FFC-A2A7-EC520E220C0F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense_virtual:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38E373E-438F-44F6-AABF-2C57142507EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:7604:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65973B50-2AA1-4B83-925A-8DB2D4720ADB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:7606-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DD80A8-F664-4C30-A89F-C2299CCACB7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:7609-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "385DBA44-E84B-4752-8E8E-170EF13784D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:7613-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E30F72-0218-496D-BFAD-CED0AAC5E58E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5505:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EACCF8-8E5F-4227-9B09-9F3B40462B29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5506-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4916B846-AEAD-4C06-9705-048627F27236",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5506h-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "931B9C8E-6AD7-4E05-8E48-27D3931DC8BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5512-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B202C089-E348-42E0-8818-BB3874B28AFD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5515-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F449766B-F279-41B3-B0D6-049EF05B8DCE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7293B424-1022-4013-8A5F-5A023D3DB181",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5FF447F-AE88-4B08-BDE8-26B642BEA80C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5545-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF47542-3C2E-4BDB-823F-9A901312C634",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5555-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A567EFB6-9A19-4BC0-8EE2-6E2219D09961",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa-5585-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70928713-E277-4707-9A8A-3438D1760ECE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "763B801D-CA1E-4C56-8B06-3373EA307C7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11AF728-8EB0-45EB-A7DD-F2D52B3BB7B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92AE506A-E710-465B-B795-470FDE0E0ECA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5516-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E07AF10-FFB2-4AC7-BBE7-199C3EFED81F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6500-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B48565-92C7-4AE1-AE3A-6FF7DD010745",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6503-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F202892E-2E58-4D77-B983-38AFA51CDBC6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6504-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F57DF3E-4069-4EF0-917E-84CDDFCEBEEF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6506-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE25114-ABBC-47A0-9C20-E8D40D721313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6509-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADD5F49-2817-40EC-861C-C922825708BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6509-neb-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E628F9C4-98C6-4A95-AF81-F1E6A56E8648",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6509-v-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFF899C-1EB3-46D8-9003-EA36A68C90B3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6513:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6463491-F63E-44CB-A1D4-C029BE7D3D3D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_6513-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8668D34-096B-4FC3-B9B1-0ECFD6265778",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:isa-3000-2c2f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "646795EF-D545-44FE-ADD9-E950783CF976",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:isa-3000-4c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81184F2-631A-46FA-AB96-2B2D20FBEC8D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en la caracter\u00edstica Application Layer Protocol de Cisco Adaptive Security Appliance (ASA) Software y Cisco Firepower Threat Defense (FTD) Software podr\u00edan permitir que un atacante remoto no autenticado desencadene una recarga del dispositivo afectado, lo que resulta en una denegaci\u00f3n de servicio (DoS). Las vulnerabilidades se deben a errores de l\u00f3gica durante la inspecci\u00f3n de tr\u00e1fico. Un atacante podr\u00eda explotar estas vulnerabilidades enviando un gran volumen de tr\u00e1fico malicioso a trav\u00e9s de un dispositivo afectado. Su explotaci\u00f3n podr\u00eda permitir que el atacante provoque una condici\u00f3n de deadlock, lo que resulta en la recarga del dispositivo afectado. Estas vulnerabilidades afectan a las versiones de Cisco ASA Software y Cisco FTD Software configuradas para la inspecci\u00f3n de Application Layer Protocol en los siguientes productos de Cisco: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module y FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456."
    }
  ],
  "id": "CVE-2018-0240",
  "lastModified": "2024-11-21T03:37:47.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-19T20:29:00.817",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103934"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040722"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-1422
Vulnerability from cvelistv5
Published
2021-07-16 12:25
Modified
2024-11-07 22:06
Summary
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210715 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1422",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:12.282761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:06:04.583Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance (ASA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-16T12:25:14",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210715 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC"
        }
      ],
      "source": {
        "advisory": "cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC",
        "defect": [
          [
            "CSCvy66711"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-07-15T23:00:00",
          "ID": "CVE-2021-1422",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Adaptive Security Appliance (ASA) Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.7",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-617"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210715 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC",
          "defect": [
            [
              "CSCvy66711"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1422",
    "datePublished": "2021-07-16T12:25:14.725100Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:06:04.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0240
Vulnerability from cvelistv5
Published
2018-04-19 20:00
Modified
2024-11-29 15:17
Severity ?
Summary
Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:14.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect"
          },
          {
            "name": "1040722",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040722"
          },
          {
            "name": "103934",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103934"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0240",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:44:25.368518Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:17:08.486Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Adaptive Security Appliance"
            }
          ]
        }
      ],
      "datePublic": "2018-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-05T17:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect"
        },
        {
          "name": "1040722",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040722"
        },
        {
          "name": "103934",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103934"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0240",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Adaptive Security Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Adaptive Security Appliance"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerabilities are due to logical errors during traffic inspection. An attacker could exploit these vulnerabilities by sending a high volume of malicious traffic across an affected device. An exploit could allow the attacker to cause a deadlock condition, resulting in a reload of an affected device. These vulnerabilities affect Cisco ASA Software and Cisco FTD Software configured for Application Layer Protocol Inspection running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCve61540, CSCvh23085, CSCvh95456."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect"
            },
            {
              "name": "1040722",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040722"
            },
            {
              "name": "103934",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103934"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0240",
    "datePublished": "2018-04-19T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:17:08.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3394
Vulnerability from cvelistv5
Published
2014-10-10 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-10T05:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3394",
    "datePublished": "2014-10-10T10:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1714
Vulnerability from cvelistv5
Published
2019-05-03 16:15
Modified
2024-11-19 19:08
Summary
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.
Impacted products
Vendor Product Version
Cisco Cisco Firepower Threat Defense (FTD) Software Version: unspecified   < 6.2.3.12
Version: unspecified   < 6.3.0.3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn"
          },
          {
            "name": "108185",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108185"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1714",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T17:24:19.883643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:08:27.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Adaptive Security Appliance (ASA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "9.8.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "9.9.2.50",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "9.10.1.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Cisco Firepower Threat Defense (FTD) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "6.2.3.12",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-255",
              "description": "CWE-255",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-08T08:05:59",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn"
        },
        {
          "name": "108185",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108185"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190501-asaftd-saml-vpn",
        "defect": [
          [
            "CSCvn72570"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-01T16:00:00-0700",
          "ID": "CVE-2019-1714",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Adaptive Security Appliance (ASA) Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "9.8.4"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "9.9.2.50"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "9.10.1.17"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Firepower Threat Defense (FTD) Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.2.3.12"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "6.3.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190501 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN SAML Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn"
            },
            {
              "name": "108185",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108185"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190501-asaftd-saml-vpn",
          "defect": [
            [
              "CSCvn72570"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1714",
    "datePublished": "2019-05-03T16:15:18.833510Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-19T19:08:27.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}