All the vulnerabilities related to cisco - pix
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 7.2 | |
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 7.2 | |
cisco | pix | 8.0 | |
cisco | pix | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942." }, { "lang": "es", "value": "Cisco PIX y dispositivos Adaptive Security Appliance 5500(ASA) 7.2 anteriores a 7.2(4)2, 8.0 anterior a 8.0(3)14, y 8.1 anterior a 8.1(1)4, cuando se encuentra configurado como un endpoint VPN, no procesa adecuadamente la autenticaci\u00f3n cliente, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) a trav\u00e9s de un intento de autenticaci\u00f3n manipulado, tambi\u00e9n conocido como Bug ID CSCso69942." 
} ], "id": "CVE-2008-2733", "lastModified": "2024-11-21T00:47:34.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-04T16:41:00.000", "references": [ { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/31730" }, { "source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "source": "ykramarz@cisco.com", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/30998" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1020810" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1020811" }, { "source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.securitytracker.com/id?1020810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | pix | * | |
cisco | pix | 7.1 | |
cisco | adaptive_security_appliance_software | * | |
cisco | adaptive_security_appliance_software | 7.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*", "matchCriteriaId": "36B51668-5055-4B10-9E0F-D25C470C9A80", "versionEndIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "051F79C8-3058-4926-A533-73F5A269599E", "versionEndIncluding": "7.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) y PIX 7.1 anterior a 7.1(2)49 y 7.2 anterior a 7.2(2)17 permite a atacantes remotos provocar denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de vectores desconocidos relacionados con el fin de la conexi\u00f3n VPN y el vencimiento de la contrase\u00f1a." } ], "evaluatorSolution": "The vendor has addressed this issue with a product update. 
Information can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml", "id": "CVE-2007-2463", "lastModified": "2024-11-21T00:30:51.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-02T22:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25109" }, { "source": "cve@mitre.org", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/35332" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23768" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/35332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | pix | * | |
cisco | pix | 7.1 | |
cisco | adaptive_security_appliance_software | * | |
cisco | adaptive_security_appliance_software | 7.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*", "matchCriteriaId": "36B51668-5055-4B10-9E0F-D25C470C9A80", "versionEndIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "051F79C8-3058-4926-A533-73F5A269599E", "versionEndIncluding": "7.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) y PIX 7.2 anterior a 7.2(2)8, cuando utilizan Layer 2 Tunneling Protocol (L2TP) o Remote Management Access, permite a atacantes remotos evitar la autenticaci\u00f3n LDAP y ganar privilegios a trav\u00e9s de vectores desconocidos." 
} ], "evaluatorSolution": "The vendor has addressed this issue with the following update:\r\nhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml", "id": "CVE-2007-2462", "lastModified": "2024-11-21T00:30:50.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-02T22:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25109" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/210876" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/35331" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23768" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017994" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017995" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/210876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/35331" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 7.1 | |
cisco | adaptive_security_appliance_5500 | 7.2 | |
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 7.1 | |
cisco | pix | 7.2 | |
cisco | pix | 8.0 | |
cisco | pix | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "76EAF7E0-6C0A-4B62-8776-CDE7CEB4565A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors." 
}, { "lang": "es", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series y PIX Security Appliances v7.1(1) hasta v7.1(2)82, v7.2 anteriores a v7.2(4)27, v8.0 anteriores a v8.0(4)25, y v8.1 anteriores a v8.1(2)15, cuando se introduce AAA override-account-disable en un campo general-attributes, permiten a atacantes remotos saltarse la autenticaci\u00f3n y establecer una sesi\u00f3n VPN a un dispositivo ASA mediante vectores no especificados." } ], "evaluatorImpact": "Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml\r\n\r\n\"VPN Authentication Bypass Vulnerability\r\n\r\nCisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability.\r\n\r\nNote: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is disabled by default. 
\"", "id": "CVE-2009-1155", "lastModified": "2024-11-21T01:01:47.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-09T15:08:35.703", "references": [ { "source": "ykramarz@cisco.com", "url": "http://osvdb.org/53441" }, { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/34607" }, { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1022016" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0981" } ], 
"sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 7.0 | |
cisco | adaptive_security_appliance_5500 | 7.1 | |
cisco | adaptive_security_appliance_5500 | 7.2 | |
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 7.0 | |
cisco | pix | 7.1 | |
cisco | pix | 7.2 | |
cisco | pix | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "235C2CE5-C858-4037-AE35-E6D506301894", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "76EAF7E0-6C0A-4B62-8776-CDE7CEB4565A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "508DECFB-F334-409F-911B-BF8D842D3556", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277." 
}, { "lang": "es", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances v7.0 anteriores a v7.0(8)1, v7.1 anteriores a v7.1(2)74, v7.2 anteriores a v7.2(4)9, and v8.0 anteriores a v8.0(4)5 no implementan de forma adecuada la denegaci\u00f3n impl\u00edcita, lo que podr\u00eda permitir a atacantes remotos enviar paquetes que sobrepasen las restricciones de acceso impuestas, tambi\u00e9n conocido como Bug ID CSCsq91277." } ], "id": "CVE-2009-1160", "lastModified": "2024-11-21T01:01:48.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-09T15:08:35.797", "references": [ { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/34607" }, { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1022017" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0981" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 8.0 | |
cisco | pix | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet." }, { "lang": "es", "value": "Vulnerabilidad no espec\u00edfica en Cisco Adaptive Security Appliances (ASA) 5500 Series devices v8.0 anteriores a v8.0(4)25 y v8.1 anteriores a v8.1(2)15, cuando est\u00e1 configurado el acceso SSL VPN o ASDM, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga del dispositivo) a trav\u00e9s de un paquete manipulado (1) SSL o (2) HTTP." } ], "evaluatorImpact": "Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml\r\n\r\nVPN Authentication Bypass Vulnerability\r\n\r\nThe Cisco ASA or Cisco PIX security appliance can be configured to override an account-disabled indication from a AAA server and allow the user to log on anyway. However, the user must provide the correct credentials in order to login to the VPN. 
A vulnerability exists in the Cisco ASA and Cisco PIX security appliances where VPN users can bypass authentication when the override account feature is enabled.\r\n\r\nNote: The override account feature was introduced in Cisco ASA software version 7.1(1).\r\n\r\nThe override account feature is enabled with the override-account-disable command in tunnel-group general-attributes configuration mode, as shown in the following example. The following example allows overriding the \"account-disabled\" indicator from the AAA server for the WebVPN tunnel group \"testgroup\":\r\n\r\n hostname(config)#tunnel-group testgroup type webvpn\r\n hostname(config)#tunnel-group testgroup general-attributes\r\n hostname(config-tunnel-general)#override-account-disable\r\n\r\nNote: The override account feature is disabled by default.", "id": "CVE-2009-1156", "lastModified": "2024-11-21T01:01:47.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-09T15:08:35.717", "references": [ { "source": "ykramarz@cisco.com", "url": "http://osvdb.org/53442" }, { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/34607" }, { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "ykramarz@cisco.com", "url": 
"http://www.securitytracker.com/id?1022015" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0981" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | pix | 7.2 | |
cisco | adaptive_security_appliance_software | 7.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "95627941-30D8-452F-B6C8-76D2BEE93514", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used." }, { "lang": "es", "value": "El agente transmisor DHCP en Cisco Adaptive Security Appliance (ASA) y PIX 7.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (abandono de paquetes) mediante un mensaje DHCPREQUEST o DHCPINFORM que provoca que m\u00faltiples mensajes DHCPACK sean enviados desde servidores DHCP al agente, lo cual consume la memoria reservada para un b\u00fafer local. NOTA: esta situaci\u00f3n s\u00f3lo se da cuando se usan m\u00faltiples servidores DHCP." 
} ], "id": "CVE-2007-2461", "lastModified": "2024-11-21T00:30:50.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-02T22:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25109" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/530057" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/35330" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23763" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017999" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018000" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1635" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/530057" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/35330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34026" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 7.2 | |
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 7.2 | |
cisco | pix | 8.0 | |
cisco | pix | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets." }, { "lang": "es", "value": "Vulnerabilidad no espec\u00edfica en Cisco Adaptive Security Appliances (ASA) 5500 Series y PIX Security Appliances v7.2 anteriores a v7.2(4)26, v8.0 anteriores a v8.0(4)22, y v8.1 anteriores a v8.1(2)12, cuando la inspecci\u00f3n SQL*Net est\u00e1 activada, permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (rastreo y recarga del dispositivo) a trav\u00e9s de series de paquetes SQL*Net." 
} ], "id": "CVE-2009-1159", "lastModified": "2024-11-21T01:01:48.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-09T15:08:35.780", "references": [ { "source": "ykramarz@cisco.com", "url": "http://osvdb.org/53446" }, { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/34607" }, { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1022015" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0981" } ], 
"sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 7.0 | |
cisco | adaptive_security_appliance_5500 | 7.1 | |
cisco | adaptive_security_appliance_5500 | 7.2 | |
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 7.0 | |
cisco | pix | 7.1 | |
cisco | pix | 7.2 | |
cisco | pix | 8.0 | |
cisco | pix | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "235C2CE5-C858-4037-AE35-E6D506301894", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "76EAF7E0-6C0A-4B62-8776-CDE7CEB4565A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "508DECFB-F334-409F-911B-BF8D842D3556", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet." 
}, { "lang": "es", "value": "Fuga de memoria en Cisco Adaptive Security Appliances (ASA) 5500 Series y PIX Security Appliances v7.0 anteriores a v7.0(8)6, v7.1 anteriores a v7.1(2)82, v7.2 anteriores a v7.2(4)30, v8.0 anteriores a v8.0(4)28, y v8.1 anteriores a v8.1(2)19 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y recarga del dispositivo) a trav\u00e9s de una paquete TCP manipulado.\r\n" } ], "evaluatorImpact": "Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml\r\n\r\nCrafted TCP Packet DoS Vulnerability\r\n\r\nCisco ASA and Cisco PIX security appliances may experience a memory leak that can be triggered by a series of crafted TCP packets. Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features:\r\n\r\n * SSL VPNs\r\n * ASDM Administrative Access\r\n * Telnet Access\r\n * SSH Access\r\n * Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs\r\n * Virtual Telnet\r\n * Virtual HTTP\r\n * Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection\r\n * Cut-Through Proxy for Network Access\r\n * TCP Intercept", "id": "CVE-2009-1157", "lastModified": "2024-11-21T01:01:47.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-09T15:08:35.750", "references": [ { "source": "ykramarz@cisco.com", "url": 
"http://osvdb.org/53445" }, { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/34607" }, { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1022015" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0981" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 7.0 | |
cisco | adaptive_security_appliance_5500 | 7.1 | |
cisco | adaptive_security_appliance_5500 | 7.2 | |
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 7.0 | |
cisco | pix | 7.1 | |
cisco | pix | 7.2 | |
cisco | pix | 8.0 | |
cisco | pix | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "235C2CE5-C858-4037-AE35-E6D506301894", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "76EAF7E0-6C0A-4B62-8776-CDE7CEB4565A", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "508DECFB-F334-409F-911B-BF8D842D3556", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet." 
}, { "lang": "es", "value": "Vulnerabilidad no espec\u00edfica en Cisco Adaptive Security Appliances (ASA) 5500 Series dispositivos v7.0 anteriores a v7.0(8)6, v7.1 anteriores a v7.1(2)82, v7.2 anteriores a v7.2(4)26, v8.0 anteriores a v8.0(4)24, y v8.1 anteriores a v8.1(2)14, cuando la inspecci\u00f3n H.323 est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de un paquete h.323 manipulado." } ], "id": "CVE-2009-1158", "lastModified": "2024-11-21T01:01:48.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-09T15:08:35.767", "references": [ { "source": "ykramarz@cisco.com", "url": "http://osvdb.org/53444" }, { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/34607" }, { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1022015" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/53444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34607" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0981" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | pix | * | |
cisco | pix | 7.1 | |
cisco | adaptive_security_appliance_software | * | |
cisco | adaptive_security_appliance_software | 7.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*", "matchCriteriaId": "36B51668-5055-4B10-9E0F-D25C470C9A80", "versionEndIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "051F79C8-3058-4926-A533-73F5A269599E", "versionEndIncluding": "7.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\"" }, { "lang": "es", "value": "Condici\u00f3n de carrera en el Cisco Adaptive Security Appliance (ASA) y en el PIX 7.1 anterior al 7.1(2)49 y el 7.2 anterior al 7.2(2)19, cuando se utiliza \"VPNs SSL sin cliente\", permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recargar el dispositivo) a trav\u00e9s de \"sesiones SSL no est\u00e1ndar\"." } ], "evaluatorSolution": "The vendor has addressed this issue with a product update. 
Information can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml", "id": "CVE-2007-2464", "lastModified": "2024-11-21T00:30:51.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-02T22:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25109" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/337508" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/35333" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23768" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/337508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.osvdb.org/35333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:pix:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "B10C3812-2BA0-4DE3-8793-8F89AD342E30", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "508DECFB-F334-409F-911B-BF8D842D3556", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of \"meaningless data,\" or (3) a TTL that is one less than needed to reach the internal destination." } ], "id": "CVE-2005-3774", "lastModified": "2024-11-21T00:02:38.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-23T00:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17670" }, { "source": "cve@mitre.org", "url": 
"http://securitytracker.com/id?1015256" }, { "source": "cve@mitre.org", "url": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" }, { "source": "cve@mitre.org", "url": "http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/853540" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24140" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/417458/30/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426989/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426991/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427041/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15525" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2546" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/853540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/417458/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426989/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426991/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427041/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
cisco | adaptive_security_appliance_5500 | 7.2 | |
cisco | adaptive_security_appliance_5500 | 8.0 | |
cisco | adaptive_security_appliance_5500 | 8.1 | |
cisco | pix | 7.2 | |
cisco | pix | 8.0 | |
cisco | pix | 8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en la funcionalidad de inspecci\u00f3n SIP en Cisco PIX y Adaptive Security Appliance (ASA) 5500 devices 7.0 versiones anteriores a 7.0(7)16, 7.1 versiones anteriores a 7.1(2)71, 7.2 versiones anteriores a 7.2(4)7, 8.0 versiones anteriores a 8.0(3)20, y 8.1 versiones anteriores a 8.1(1)8 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, y CSCsq39315." } ], "id": "CVE-2008-2732", "lastModified": "2024-11-21T00:47:34.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-04T16:41:00.000", "references": [ { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/31730" }, { "source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "source": "ykramarz@cisco.com", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/30998" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1020808" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1020809" }, { "source": "ykramarz@cisco.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:asa_5500:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FCBA3A3-7C8F-481A-9BEC-78981547F8BE", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "508DECFB-F334-409F-911B-BF8D842D3556", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Cisco Adaptive Security Appliances (ASA) 5500 Series y PIX Security Appliances 7.0 versiones anteriores a 7.0(8)3, 7.1 versiones anteriores a 7.1(2)78, 7.2 versiones anteriores a 7.2(4)16, 8.0 versiones anteriores a 8.0(4)6, y 8.1 versiones anteriores a 8.1(1)13, cuando est\u00e1 configurado como una VPN utilizando la autenticaci\u00f3n del dominio de Microsoft Windows NT, permite a atacantes remotos evitar la autenticaci\u00f3n VPN a trav\u00e9s de vectores desconocidos." 
} ], "id": "CVE-2008-3815", "lastModified": "2024-11-21T00:50:11.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-23T22:00:01.137", "references": [ { "source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/32360" }, { "source": "ykramarz@cisco.com", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/31864" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1021089" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1021090" }, { "source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2008/2899" }, { "source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46024" }, { "source": "ykramarz@cisco.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32360" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021089" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5983" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
var-200904-0281
Vulnerability from variot
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet. Cisco PIX Security Appliance and ASA 5500 Series Adaptive Security Appliance are prone to multiple denial-of-service vulnerabilities, an ACL-bypass vulnerability, and an authentication-bypass vulnerability. Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. These issues are documented by the following Cisco Bug IDs: CSCsx47543 further documents the issue tracked by CVE-2009-1155. CSCsv52239 further documents the issue tracked by CVE-2009-1156. CSCsy22484 further documents the issue tracked by CVE-2009-1157. CSCsx32675 further documents the issue tracked by CVE-2009-1158. CSCsw51809 further documents the issue tracked by CVE-2009-1159. CSCsq91277 further documents the issue tracked by CVE-2009-1160. This security advisory outlines the details of these vulnerabilities:
-
VPN Authentication Bypass when Account Override Feature is Used vulnerability
-
Crafted HTTP packet denial of service (DoS) vulnerability
-
Crafted TCP Packet DoS vulnerability
-
Crafted H.323 packet DoS vulnerability
-
SQL*Net packet DoS vulnerability
-
Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
Affected Products
Vulnerable Products +------------------
The following is a list of the products affected by each vulnerability as described in detail within this advisory.
Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). This feature is disabled by default. Only Cisco ASA software versions 8.0 and 8.1 are affected by this vulnerability. H.323 inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. SQL*Net inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected by this vulnerability. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this vulnerability.
Determination of Software Versions +---------------------------------
The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Adaptive Security Appliance that runs software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
<output truncated>
The following example shows a Cisco PIX security appliance that runs software version 8.0(4):
PIX#show version
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(3)
<output truncated>
Customers who use Cisco ASDM to manage their devices can find the software version displayed in the table in the login window or in the upper left corner of the ASDM window.
Products Confirmed Not Vulnerable +--------------------------------
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers and Cisco VPN 3000 Series Concentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other. However, the user must provide the correct credentials in order to login to the VPN.
Note: The override account feature was introduced in Cisco ASA software version 7.1(1).
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":
hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable
Note: The override account feature is disabled by default. This vulnerability can also be triggered on any interface where ASDM access is enabled. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted TCP Packet DoS Vulnerability +-----------------------------------
A crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX device. A successful attack may result in a sustained DoS condition. The vulnerability may also be triggered via transient traffic only if the TCP intercept feature has been enabled. A TCP three-way handshake is not needed to exploit this vulnerability. H.323 inspection is enabled by default. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is enabled by default. A successful attack may result in a reload of the device.
The default port assignment for SQL*Net is TCP port 1521. This is the value used by Oracle for SQL*Net. Please note the "class-map" command can be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection to a range of different port numbers. A TCP three-way handshake is needed to exploit this vulnerability. The requirement of a TCP three-way handshake significantly reduces the possibility of exploitation using packets with spoofed source addresses.
Access Control List Bypass Vulnerability +---------------------------------------
Access lists have an implicit deny behavior that is applied to packets that have not matched any of the permit or deny ACEs in an ACL and reach the end of the ACL. This implicit deny is there by design, does not require any configuration and can be understood as an implicit ACE that denies all traffic reaching the end of the ACL. A vulnerability exists in the Cisco ASA and Cisco PIX that may allow traffic to bypass the implicit deny ACE.
Note: This behavior only impacts the implicit deny statement on any ACL applied on the device. Access control lists with explicit deny statements are not affected by this vulnerability. This vulnerability is experienced on very rare occasions and is extremely hard to reproduce.
You can trace the lifespan of a packet through the security appliance to see whether the packet is operating correctly with the packet tracer tool. The "packet-tracer" command provides detailed information about the packets and how they are processed by the security appliance. If a command from the configuration did not cause the packet to drop, the "packet-tracer" command will provide information about the cause in an easily readable manner. You can use this feature to see if the implicit deny on an ACL is not taking effect. The following example shows that the implicit deny is bypassed (result = ALLOW):
<output truncated>
...
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x1a09d350, priority=1, domain=permit, deny=false
hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
<output truncated>
This vulnerability is documented in Cisco Bug ID CSCsq91277 and has been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2009-1160.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
- AAA account-override-ignore allows VPN session without correct password (CSCsx47543)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 6.8 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash with certain HTTP packets (CSCsv52239)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash after processing certain TCP packets (CSCsy22484)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Crafted H.323 packet may cause ASA to reload (CSCsx32675)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- sqlnet traffic causes traceback with inspection configured (CSCsw51809)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- ACL Misbehavior in Cisco ASA (CSCsq91277)
CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the VPN Authentication Bypass when Account Override Feature is Used vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. Repeated exploitation could result in a sustained DoS condition. Successful exploitation of the ACL bypass vulnerability may allow an attacker to access resources that should be protected by the Cisco ASA.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following table contains the first fixed software release of each vulnerability. The "Recommended Release" row indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" row of the table.
| Vulnerability | Affected Release | First Fixed Version | Recommended Release |
|---|---|---|---|
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| | 7.1 | 7.1(2)82 | 7.1(2)82 |
| | 7.2 | 7.2(4)27 | 7.2(4)30 |
| | 8.0 | 8.0(4)25 | 8.0(4)28 |
| | 8.1 | 8.1(2)15 | 8.1(2)19 |
| Crafted HTTP packet DoS Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| | 7.1 | Not vulnerable | 7.1(2)82 |
| | 7.2 | Not vulnerable | 7.2(4)30 |
| | 8.0 | 8.0(4)25 | 8.0(4)28 |
| | 8.1 | 8.1(2)15 | 8.1(2)16 |
| Crafted TCP Packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| | 7.1 | 7.1(2)82 | 7.1(2)82 |
| | 7.2 | 7.2(4)30 | 7.2(4)30 |
| | 8.0 | 8.0(4)28 | 8.0(4)28 |
| | 8.1 | 8.1(2)19 | 8.1(2)19 |
| Crafted H.323 packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| | 7.1 | 7.1(2)82 | 7.1(2)82 |
| | 7.2 | 7.2(4)26 | 7.2(4)30 |
| | 8.0 | 8.0(4)24 | 8.0(4)28 |
| | 8.1 | 8.1(2)14 | 8.1(2)19 |
| Crafted SQL packet DoS vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| | 7.1 | Not vulnerable | 7.1(2)82 |
| | 7.2 | 7.2(4)26 | 7.2(4)30 |
| | 8.0 | 8.0(4)22 | 8.0(4)28 |
| | 8.1 | 8.1(2)12 | 8.1(2)19 |
| Access control list (ACL) bypass vulnerability | 7.0 | 7.0(8)1 | 7.0(8)6 |
| | 7.1 | 7.1(2)74 | 7.1(2)82 |
| | 7.2 | 7.2(4)9 | 7.2(4)30 |
| | 8.0 | 8.0(4)5 | 8.0(4)28 |
| | 8.1 | Not vulnerable | 8.1(2)19 |
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT
Workarounds
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.
VPN Authentication Bypass Vulnerability +--------------------------------------
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode. As a workaround, disable this feature using the "no override-account-disable" command.
Note: IPSec clients are not vulnerable to this vulnerability.
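If SSL VPN (clientless or client-based) is not used, administrators should make sure that ASDM connections are only allowed from trusted hosts. Although it appears here under the VPN Authentication Bypass heading, this restriction appears to apply to the crafted HTTP packet DoS vulnerability, which the advisory says can also be triggered on any interface where ASDM access is enabled.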
To identify the IP addresses from which the security appliance accepts HTTPS connections for ASDM, configure the "http" command for each trusted host address or subnet. The following example, shows how a trusted host with IP address 192.168.1.100 is added to the configuration:
hostname(config)# http 192.168.1.100 255.255.255.255
Crafted TCP Packet DoS Vulnerability +-----------------------------------
There are no workarounds for this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
H.323 inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. H.323 inspection can be disabled with the command "no inspect h323".
SQL*Net Packet DoS Vulnerability +-------------------------------
SQL*Net inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. SQL*Net inspection can be disabled with the command "no inspect sqlnet".
Access Control List (ACL) Bypass Vulnerability +---------------------------------------------
As a workaround, remove the "access-group" line applied on the interface where the ACL is configured and re-apply it. For example:
ASA(config)#no access-group acl-inside in interface inside
ASA(config)#access-group acl-inside in interface inside
In the previous example the access group called "acl-inside" is removed and reapplied to the inside interface. Alternatively, you can add an explicit "deny ip any any" line in the bottom of the ACL applied on that interface. For example:
ASA(config)#access-list 100 deny ip any any
In the previous example, an explicit deny for all IP traffic is added at the end of "access-list 100".
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations +------------------------------------------------
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts +----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
The crafted TCP packet DoS vulnerability was discovered and reported to Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon Business.
The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and Jeff Jarmoc from SecureWorks.
The Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities, and welcomes the opportunity to review and assist in product reports.
All other vulnerabilities were found during internal testing and during the resolution of customer service requests.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+------------------------------------------------------------+ | Revision 1.0 | 2009-April-08 | Initial public release. | +------------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
+-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +--------------------------------------------------------------------
Updated: Apr 08, 2009 Document ID: 109974 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc Q8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ =Xi7D -----END PGP SIGNATURE-----
SOLUTION: Update to the fixed versions (please see the vendor advisory for patch information).
PROVIDED AND/OR DISCOVERED BY: 3) The vendor credits Gregory W.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
OTHER REFERENCES: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0281", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", 
"trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)19" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)15" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)14" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)12" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)5" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)28" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)25" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)24" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)22" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)9" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)30" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)27" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)26" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)82" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": 
"7.1(2)74" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)6" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)1" } ], "sources": [ { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "db": "NVD", "id": "CVE-2009-1156" }, { "db": "CNNVD", "id": "CNNVD-200904-197" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1156" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gregory W. 
MacPherson Jon Ramsey", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-197" } ], "trust": 0.6 }, "cve": "CVE-2009-1156", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 5.7, "confidentialityImpact": "NONE", "exploitabilityScore": 5.5, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 5.7, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-1156", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": 
"COMPLETE", "baseScore": 5.7, "confidentialityImpact": "NONE", "exploitabilityScore": 5.5, "id": "VHN-38602", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:M/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1156", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-197", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-38602", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-38602" }, { "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "db": "NVD", "id": "CVE-2009-1156" }, { "db": "CNNVD", "id": "CNNVD-200904-197" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet. Cisco PIX Security Appliance and ASA 5500 Series Adaptive Security Appliance are prone to multiple denial-of-service vulnerabilities, an ACL-bypass vulnerability, and an authentication-bypass vulnerability. \nRemote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. \nThese issues are documented by the following Cisco Bug IDs:\nCSCsx47543 further documents the issue tracked by CVE-2009-1155. \nCSCsv52239 further documents the issue tracked by CVE-2009-1156. \nCSCsy22484 further documents the issue tracked by CVE-2009-1157. \nCSCsx32675 further documents the issue tracked by CVE-2009-1158. 
\nCSCsw51809 further documents the issue tracked by CVE-2009-1159. \nCSCsq91277 further documents the issue tracked by CVE-2009-1160. This security\nadvisory outlines the details of these vulnerabilities:\n\n * VPN Authentication Bypass when Account Override Feature is Used\n vulnerability\n\n * Crafted HTTP packet denial of service (DoS) vulnerability\n\n * Crafted TCP Packet DoS vulnerability\n\n * Crafted H.323 packet DoS vulnerability\n\n * SQL*Net packet DoS vulnerability\n\n * Access control list (ACL) bypass vulnerability\n\nWorkarounds are available for some of the vulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following is a list of the products affected by each vulnerability\nas described in detail within this advisory. \n\nNote: The Override Account Disabled feature was introduced in Cisco\nASA software version 7.1(1). This feature is\ndisabled by default. Only Cisco ASA software versions 8.0 and 8.1 are\naffected by this vulnerability. H.323 inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1\nare affected by this vulnerability. SQL*Net inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected\nby this vulnerability. Cisco ASA and\nCisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this\nvulnerability. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. 
The following example shows a Cisco ASA Adaptive\nSecurity Appliance that runs software version 8.0(4):\n\n ASA#show version\n\n Cisco Adaptive Security Appliance Software Version 8.0(4)\n Device Manager Version 6.0(1)\n\n \u003coutput truncated\u003e\n\nThe following example shows a Cisco PIX security appliance that runs\nsoftware version 8.0(4):\n\n PIX#show version\n\n Cisco PIX Security Appliance Software Version 8.0(4)\n Device Manager Version 5.2(3)\n\n \u003coutput truncated\u003e\n\nCustomers who use Cisco ASDM to manage their devices can find the\nsoftware version displayed in the table in the login window or in the\nupper left corner of the ASDM window. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers and Cisco VPN 3000 Series\nConcentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. However, the user must provide the correct\ncredentials in order to login to the VPN. \n\nNote: The override account feature was introduced in Cisco ASA software\nversion 7.1(1). \n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode, as shown in the following example. The following\nexample allows overriding the \"account-disabled\" indicator from the AAA\nserver for the WebVPN tunnel group \"testgroup\":\n\n hostname(config)#tunnel-group testgroup type webvpn\n hostname(config)#tunnel-group testgroup general-attributes\n hostname(config-tunnel-general)#override-account-disable\n\nNote: The override account feature is disabled by default. 
This\nvulnerability can also be triggered on any interface where ASDM access\nis enabled. A successful attack may result in a reload of the device. A\nTCP three-way handshake is not needed to exploit this vulnerability. \n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nA crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX\ndevice. A successful attack may result in a sustained DoS condition. The\nvulnerability may also be triggered via transient traffic only if the\nTCP intercept feature has been enabled. A TCP three-way handshake is\nnot needed to exploit this vulnerability. H.323 inspection is enabled by\ndefault. A successful attack may result in a reload of the device. A TCP\nthree-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is\nenabled by default. A successful attack may result in a reload of the\ndevice. \n\nThe default port assignment for SQL*Net is TCP port 1521. This is the\nvalue used by Oracle for SQL*Net. Please note the \"class-map\" command\ncan be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection\nto a range of different port numbers. A TCP three-way handshake is\nneeded to exploit this vulnerability. The requirement of a TCP three-way\nhandshake significantly reduces the possibility of exploitation using\npackets with spoofed source addresses. \n\nAccess Control List Bypass Vulnerability\n+---------------------------------------\n\nAccess lists have an implicit deny behavior that is applied to packets\nthat have not matched any of the permit or deny ACEs in an ACL and reach\nthe end of the ACL. This implicit deny is there by design, does not\nrequire any configuration and can be understood as an implicit ACE that\ndenies all traffic reaching the end of the ACL. A vulnerability exists\nin the Cisco ASA and Cisco PIX that may allow traffic to bypass the\nimplicit deny ACE. 
\n\nNote: This behavior only impacts the implicit deny statement on any\nACL applied on the device. Access control lists with explicit deny\nstatements are not affected by this vulnerability. This vulnerability is\nexperienced in very rare occasions and extremely hard to reproduce. \n\nYou can trace the lifespan of a packet through the security appliance\nto see whether the packet is operating correctly with the packet tracer\ntool. The \"packet-tracer\" command provides detailed information about\nthe packets and how they are processed by the security appliance. If a\ncommand from the configuration did not cause the packet to drop, the\n\"packet-tracer\" command will provide information about the cause in an\neasily readable manner. You can use this feature to see if the implicit\ndeny on an ACL is not taking effect. The following example shows that\nthe implicit deny is bypassed (result = ALLOW):\n\n \u003coutput truncated\u003e\n ... \n Phase: 2\n Type: ACCESS-LIST\n Subtype:\n Result: ALLOW\n Config:\n Implicit Rule\n Additional Information:\n Forward Flow based lookup yields rule:\n in id=0x1a09d350, priority=1, domain=permit, deny=false\n hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8\n src mac=0000.0000.0000, mask=0000.0000.0000\n dst mac=0000.0000.0000, mask=0000.0000.0000\n\n \u003coutput truncated\u003e\n\nThis vulnerability is documented in Cisco Bug ID CSCsq91277 and has\nbeen assigned Common Vulnerabilities and Exposures (CVE) identifiers\nCVE-2009-1160. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. 
Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. \n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* AAA account-override-ignore allows VPN session without correct\npassword (CSCsx47543)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 6.8\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash with certain HTTP packets (CSCsv52239)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash after processing certain TCP packets (CSCsy22484)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Crafted H.323 packet may cause ASA to reload (CSCsx32675)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report 
Confidence - Confirmed\n\n* sqlnet traffic causes traceback with inspection configured\n(CSCsw51809)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* ACL Misbehavior in Cisco ASA (CSCsq91277)\n\nCVSS Base Score - 4.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Partial\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 3.6\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass when Account\nOverride Feature is Used vulnerability may allow an attacker to\nsuccessfully connect to the Cisco ASA via remote access IPSec or\nSSL-based VPN. Repeated exploitation could result in\na sustained DoS condition. Successful exploitation of the ACL bypass\nvulnerability may allow an attacker to access resources that should be\nprotected by the Cisco ASA. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following table contains the first fixed software release of each\nvulnerability. 
The \"Recommended Release\" row indicates the releases\nwhich have fixes for all the published vulnerabilities at the time\nof this Advisory. A device running a version of the given release in\na specific row (less than the First Fixed Release) is known to be\nvulnerable. Cisco recommends upgrading to a release equal to or later\nthan the release in the \"Recommended Release\" row of the table. \n\n+------------------------------------------------------+\n| | Affected | First | Recommended |\n| Vulnerability | Release | Fixed | Release |\n| | | Version | |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| VPN | | vulnerable | |\n|Authentication |----------+------------+-------------|\n| Bypass when | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Account |----------+------------+-------------|\n| Override | 7.2 | 7.2(4)27 | 7.2(4)30 |\n|Feature is |----------+------------+-------------|\n| Used | 8.0 | 8.0(4)25 | 8.0(4)28 |\n|Vulnerability |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted HTTP | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| Vulnerability | 7.2 | Not | 7.2(4)30 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)25 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)16 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted TCP |----------+------------+-------------|\n| Packet DoS | 7.2 | 7.2(4)30 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)28 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)19 | 8.1(2)19 
|\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted H.323 |----------+------------+-------------|\n| packet DoS | 7.2 | 7.2(4)26 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)24 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)14 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted SQL | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)22 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)12 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)1 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)74 | 7.1(2)82 |\n|Access control |----------+------------+-------------|\n| list (ACL) | 7.2 | 7.2(4)9 | 7.2(4)30 |\n|bypass |----------+------------+-------------|\n| vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | Not | 8.1(2)19 |\n| | | vulnerable | |\n+------------------------------------------------------+\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. 
\n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode. As a workaround, disable this feature using the \"no\noverride-account-disable\" command. \n\nNote: IPSec clients are not vulnerable to this vulnerability. \n\nIf SSL VPN (clientless or client-based) is not used, administrators\nshould make sure that ASDM connections are only allowed from trusted\nhosts. \n\nTo identify the IP addresses from which the security appliance\naccepts HTTPS connections for ASDM, configure the \"http\" command for\neach trusted host address or subnet. The following example, shows\nhow a trusted host with IP address 192.168.1.100 is added to the\nconfiguration:\n\n hostname(config)# http 192.168.1.100 255.255.255.255\n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nThere are no workarounds for this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nH.323 inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. H.323 inspection\ncan be disabled with the command \"no inspect h323\". \n\nSQL*Net Packet DoS Vulnerability\n+-------------------------------\n\nSQL*Net inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. SQL*Net\ninspection can be disabled with the command \"no inspect sqlnet\". \n\nAccess Control List (ACL) Bypass Vulnerability\n+---------------------------------------------\n\nAs a workaround, remove the \"access-group\" line applied on the interface\nwhere the ACL is configured and re-apply it. 
For example:\n\n ASA(config)#no access-group acl-inside in interface inside\n ASA(config)#access-group acl-inside in interface inside\n\nIn the previous example the access group called \"acl-inside\" is removed\nand reapplied to the inside interface. Alternatively, you can add an\nexplicit \"deny ip any any\" line in the bottom of the ACL applied on that\ninterface. For example:\n\n ASA(config)#access-list 100 deny ip any any\n\nIn the previous example, an explicit deny for all IP traffic is added at\nthe end of \"access-list 100\". \n\nAdditional mitigations that can be deployed on Cisco devices within the\nnetwork are available in the Cisco Applied Mitigation Bulletin companion\ndocument for this advisory, which is available at the following link:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature\nsets they have purchased. By installing, downloading, accessing\nor otherwise using such software upgrades, customers agree to be\nbound by the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. 
For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. \n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. 
\n\nRefer to\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. \n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThe crafted TCP packet DoS vulnerability was discovered and reported\nto Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon\nBusiness. \n\nThe ACL bypass vulnerability was reported to Cisco by Jon Ramsey and\nJeff Jarmoc from SecureWorks. \n\nThe Cisco PSIRT greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and welcomes the opportunity to\nreview and assist in product reports. \n\nAll other vulnerabilities were found during internal testing and during\nthe resolution of customer service requests. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. 
\n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0 | 2009-April-08 | Initial public release. |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities\nin Cisco products, obtaining assistance with security\nincidents, and registering to receive security information\nfrom Cisco, is available on Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding\nCisco security notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\nUpdated: Apr 08, 2009 Document ID: 109974\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc\nQ8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ\n=Xi7D\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nSOLUTION:\nUpdate to the fixed versions (please see the vendor advisory for\npatch information). \n\nPROVIDED AND/OR DISCOVERED BY:\n3) The vendor credits Gregory W. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nOTHER REFERENCES:\nhttp://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2009-1156" }, { "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "db": "BID", "id": "34429" }, { "db": "VULHUB", "id": "VHN-38602" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1156", "trust": 2.9 }, { "db": "BID", "id": "34429", "trust": 2.8 }, { "db": "SECUNIA", "id": "34607", "trust": 2.6 }, { "db": "SECTRACK", "id": "1022015", "trust": 2.5 }, { "db": "OSVDB", "id": "53442", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2009-0981", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2009-001193", "trust": 0.8 }, { "db": "CISCO", "id": "20090408 MULTIPLE VULNERABILITIES IN CISCO ASA ADAPTIVE SECURITY APPLIANCE AND CISCO PIX SECURITY APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-197", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-38602", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76440", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76528", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38602" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1156" }, { "db": "CNNVD", "id": "CNNVD-200904-197" } ] }, "id": "VAR-200904-0281", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-38602" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:11:39.394000Z", 
"patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20090408-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001193" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1156" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/34429" }, { "trust": 2.5, "url": "http://osvdb.org/53442" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022015" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34607" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1156" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1156" }, { "trust": 0.4, "url": "http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a99518.html" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/502566" }, { "trust": 0.3, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml#@id" }, { "trust": 0.2, "url": 
"http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1160" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html." }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html," }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1155" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1159" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://www.cisco.com." }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml." 
}, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34607/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38602" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1156" }, { "db": "CNNVD", "id": "CNNVD-200904-197" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-38602" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1156" }, { "db": "CNNVD", "id": "CNNVD-200904-197" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "VULHUB", "id": "VHN-38602" }, { "date": "2009-04-08T00:00:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "date": "2009-04-08T18:42:33", "db": "PACKETSTORM", "id": "76440" }, { "date": "2009-04-09T15:10:51", "db": "PACKETSTORM", "id": "76528" }, { "date": "2009-04-09T15:08:35.717000", "db": "NVD", "id": "CVE-2009-1156" }, { "date": "2009-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-197" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-28T00:00:00", "db": "VULHUB", "id": "VHN-38602" }, { "date": "2009-04-13T20:06:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001193" }, { "date": "2009-04-28T05:39:14.280000", "db": "NVD", "id": "CVE-2009-1156" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-197" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-197" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX/ASA In SSL/HTTP Packet service disruption (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001193" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-197" } ], "trust": 0.6 } }
var-200705-0480
Vulnerability from variot
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco Systems, an attacker who attempts to exploit this through an IPSec VPN must know the group name and group password. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. A successful attack can result in a device reload. This vulnerability is documented as software bug CSCsh81111. Note that this text is aggregated from several sources and describes more than one issue (the VPN password-expiry denial of service, an authentication bypass, and a DHCP relay memory exhaustion), each with its own configuration prerequisites as listed below.
1) An unspecified error exists when using the LDAP authentication mechanism, which can be exploited to bypass the authentication and gain access to the device or the network.
Successful exploitation requires that the device uses the Layer 2 Tunneling Protocol (L2TP) and is configured to use LDAP servers with a protocol other than PAP for authentication, or that the device offers remote management access (telnet, SSH, HTTP) and uses an LDAP AAA server for authentication.
2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS.
Successful exploitation requires that the tunnel group is configured with password expiry.
3) A race condition within the processing of non-standard SSL sessions in the SSL VPN server of Cisco ASA appliances can be exploited to cause the device to reload.
Successful exploitation requires that clientless SSL is used.
4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device.
Successful exploitation requires that devices are configured to use the DHCP relay agent.
SOLUTION: Apply updated software versions. Please see vendor advisories for details.
PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html
US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057
OTHER REFERENCES: US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0480", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 3.2, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": 
"adaptive security appliance software", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.7)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.16)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.15)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.14)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.10)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.48)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.5)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.8)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.19)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, 
"vendor": "cisco", "version": "7.2.(2.17)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.49)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "db": "NVD", "id": "CVE-2007-2463" }, { "db": "CNNVD", "id": "CNNVD-200705-024" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.2.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2463" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Security bulletin", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-024" } ], "trust": 0.6 }, "cve": "CVE-2007-2463", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2007-2463", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-25825", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-2463", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#337508", "trust": 0.8, "value": "0.70" }, { "author": 
"CARNEGIE MELLON", "id": "VU#210876", "trust": 0.8, "value": "2.43" }, { "author": "CARNEGIE MELLON", "id": "VU#530057", "trust": 0.8, "value": "0.64" }, { "author": "CNNVD", "id": "CNNVD-200705-024", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-25825", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25825" }, { "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "db": "NVD", "id": "CVE-2007-2463" }, { "db": "CNNVD", "id": "CNNVD-200705-024" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco Systems information IPSec VPN If an attacker attempts to exploit the, the group name and group password must be known. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. A successful attack can result in a device reload. This vulnerability is documented as software bug CSCsh81111. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. 
\n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n1) An unspecified error exists when using the LDAP authentication\nmechanism, which can be exploited to bypass the authentication and\ngain access to the device or the network. \n\nSuccessful exploitation requires that the device uses the Layer 2\nTunneling Protocol (L2TP) and is configured to use LDAP servers with\nanother protocol other than PAP for authentication, or that the\ndevice offers remote management access (telnet, SSH, HTTP) and uses\nan LDAP AAA server for authentication. \n\n2) An unspecified error when using VPN connections configured with\npassword expiry can be exploited to cause a DoS. \n\nSuccessful exploitation requires that the tunnel group is configured\nwith password expiry. \n\n3) A race condition within the processing of non-standard SSL\nsessions in the SSL VPN server of Cisco ASA appliances can be\nexploited to cause the device to reload. \n\nSuccessful exploitation requires that clientless SSL is used. \n\n4) An error within the DHCP relay agent when handling DHCPACK\nmessages can be exploited to cause a DoS due to memory exhaustion by\nsending a large number of DHCP requests to a vulnerable device. \n\nSuccessful exploitation requires that devices are configured to use\nthe DHCP relay agent. \n\nSOLUTION:\nApply updated software versions. Please see vendor advisories for\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Reported by the vendor. \n4) Lisa Sittler and Grant Deffenbaugh, CERT/CC. 
\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml\n\nhttp://www.cisco.com/en/US/products/products_security_response09186a0080833172.html\nhttp://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html\n\nUS-CERT VU#530057:\nhttp://www.kb.cert.org/vuls/id/530057\n\nOTHER REFERENCES:\nUS-CERT VU#210876:\nhttp://www.kb.cert.org/vuls/id/210876\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-2463" }, { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "db": "BID", "id": "23768" }, { "db": "VULHUB", "id": "VHN-25825" }, { "db": "PACKETSTORM", "id": "56436" } ], "trust": 4.23 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-2463", "trust": 2.8 }, { "db": "BID", "id": "23768", "trust": 2.8 }, { "db": "SECUNIA", "id": "25109", "trust": 2.7 }, { "db": "OSVDB", "id": "35332", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-1636", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#210876", "trust": 1.2 }, { "db": "CERT/CC", "id": "VU#337508", "trust": 1.1 }, { "db": "CERT/CC", "id": "VU#530057", "trust": 0.9 }, { "db": "OSVDB", "id": "35331", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000336", "trust": 0.8 }, { "db": "XF", "id": "34021", "trust": 0.6 }, { "db": "CISCO", "id": "20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200705-024", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-25825", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56436", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25825" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "db": "PACKETSTORM", "id": "56436" 
}, { "db": "NVD", "id": "CVE-2007-2463" }, { "db": "CNNVD", "id": "CNNVD-200705-024" } ] }, "id": "VAR-200705-0480", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-25825" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:35:24.102000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20070502-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000336" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2463" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/23768" }, { "trust": 2.4, "url": "http://www.cisco.com/en/us/products/ps6120/index.html" }, { "trust": 2.4, "url": "http://en.wikipedia.org/wiki/intrusion-prevention_system" }, { "trust": 2.0, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml" }, { "trust": 1.7, "url": "http://www.osvdb.org/35332" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25109" }, { "trust": 1.4, "url": 
"http://www.frsirt.com/english/advisories/2007/1636" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" }, { "trust": 0.9, "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml" }, { "trust": 0.9, "url": "http://secunia.com/advisories/25109/" }, { "trust": 0.8, "url": "http://www.cisco.com/warp/public/110/webvpnasa.pdf" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details" }, { "trust": 0.8, "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248" }, { "trust": 0.8, "url": "http://www.osvdb.org/35331" }, { "trust": 0.8, "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2463" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2463" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/34021" }, { "trust": 0.4, "url": "http://www.kb.cert.org/vuls/id/210876" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/467385" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/337508" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/530057" }, { "trust": 0.1, "url": "http://secunia.com/network_software_inspector/" }, { "trust": 0.1, "url": "http://secunia.com/product/6102/" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html" }, { "trust": 0.1, "url": 
"http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html" }, { "trust": 0.1, "url": "http://secunia.com/product/6115/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25825" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2463" }, { "db": "CNNVD", "id": "CNNVD-200705-024" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25825" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2463" }, { "db": "CNNVD", "id": "CNNVD-200705-024" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-03T00:00:00", "db": "CERT/CC", "id": "VU#337508" }, { "date": "2007-05-02T00:00:00", "db": "CERT/CC", "id": "VU#210876" }, { "date": "2007-05-02T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2007-05-02T00:00:00", "db": "VULHUB", "id": "VHN-25825" }, { "date": "2007-05-02T00:00:00", "db": "BID", "id": "23768" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "date": "2007-05-04T05:48:13", "db": "PACKETSTORM", "id": "56436" }, { "date": "2007-05-02T22:19:00", "db": "NVD", "id": "CVE-2007-2463" }, { "date": "2007-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-024" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-04T00:00:00", "db": "CERT/CC", "id": "VU#337508" }, { "date": "2007-06-15T00:00:00", "db": "CERT/CC", "id": "VU#210876" }, { "date": "2007-05-03T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-25825" }, { "date": "2016-07-06T14:39:00", "db": "BID", "id": "23768" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000336" }, { "date": "2023-08-11T19:02:04.560000", "db": "NVD", "id": "CVE-2007-2463" }, { "date": "2007-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-024" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-024" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco ASA clientless SSL VPN denial of service vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#337508" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-024" } ], "trust": 0.6 } }
var-200904-0282
Vulnerability from variot
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. These issues are documented by the following Cisco Bug IDs: CSCsx47543 further documents the issue tracked by CVE-2009-1155. CSCsv52239 further documents the issue tracked by CVE-2009-1156. CSCsy22484 further documents the issue tracked by CVE-2009-1157. CSCsx32675 further documents the issue tracked by CVE-2009-1158. CSCsw51809 further documents the issue tracked by CVE-2009-1159. CSCsq91277 further documents the issue tracked by CVE-2009-1160. This security advisory outlines the details of these vulnerabilities:
-
VPN Authentication Bypass when Account Override Feature is Used vulnerability
-
Crafted HTTP packet denial of service (DoS) vulnerability
-
Crafted TCP Packet DoS vulnerability
-
Crafted H.323 packet DoS vulnerability
-
SQL*Net packet DoS vulnerability
-
Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
Affected Products
Vulnerable Products +------------------
The following is a list of the products affected by each vulnerability as described in detail within this advisory.
VPN Authentication Bypass Vulnerability +--------------------------------------
Cisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability.
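Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). This feature is disabled by default. The version statements that follow have lost their section headings; going by the fixed-release table later in this advisory, they apply in turn to the crafted HTTP packet DoS, the crafted H.323 packet DoS, the SQL*Net packet DoS, and the ACL bypass vulnerabilities. Crafted HTTP packet DoS: Only Cisco ASA software versions 8.0 and 8.1 are affected by this vulnerability. Crafted H.323 packet DoS: H.323 inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. SQL*Net packet DoS: SQL*Net inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected by this vulnerability. ACL bypass: Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this vulnerability.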
Determination of Software Versions +---------------------------------
The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Adaptive Security Appliance that runs software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
<output truncated>
The following example shows a Cisco PIX security appliance that runs software version 8.0(4):
PIX#show version
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(3)
<output truncated>
Customers who use Cisco ASDM to manage their devices can find the software version displayed in the table in the login window or in the upper left corner of the ASDM window.
Products Confirmed Not Vulnerable +--------------------------------
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers and Cisco VPN 3000 Series Concentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
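This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other. For the VPN authentication bypass vulnerability (the lead-in sentence appears to be missing here): even when the override account feature is used, the user must provide the correct credentials in order to log in to the VPN.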
Note: The override account feature was introduced in Cisco ASA software version 7.1(1).
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":
hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable
Note: The override account feature is disabled by default.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
A crafted SSL or HTTP packet may cause a DoS condition on a Cisco ASA device that is configured to terminate SSL VPN connections. This vulnerability can also be triggered on any interface where ASDM access is enabled. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability. A successful attack may result in a sustained DoS condition. A Cisco ASA device configured for any of the following features is affected (the list covers TCP-based services in general, so it appears to belong to the crafted TCP packet DoS vulnerability, whose heading seems to be missing here; see the note after the list):
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- cTCP for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- TLS Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
- TCP Intercept
Note: This vulnerability may be triggered when crafted packets are sent to any TCP-based service that terminates on the affected device. The vulnerability may also be triggered via transient traffic only if the TCP intercept feature has been enabled. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
A crafted H.323 packet may cause a DoS condition on a Cisco ASA device that is configured with H.323 inspection. H.323 inspection is enabled by default. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is enabled by default. A successful attack may result in a reload of the device.
The default port assignment for SQL*Net is TCP port 1521. This is the value used by Oracle for SQL*Net. Please note the "class-map" command can be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection to a range of different port numbers. A TCP three-way handshake is needed to exploit this vulnerability. The requirement of a TCP three-way handshake significantly reduces the possibility of exploitation using packets with spoofed source addresses.
Access Control List Bypass Vulnerability +---------------------------------------
Access lists have an implicit deny behavior that is applied to packets that have not matched any of the permit or deny ACEs in an ACL and reach the end of the ACL. This implicit deny is there by design, does not require any configuration and can be understood as an implicit ACE that denies all traffic reaching the end of the ACL. A vulnerability exists in the Cisco ASA and Cisco PIX that may allow traffic to bypass the implicit deny ACE.
Note: This behavior only impacts the implicit deny statement on any ACL applied on the device. Access control lists with explicit deny statements are not affected by this vulnerability. This vulnerability is experienced on very rare occasions and is extremely hard to reproduce.
You can trace the lifespan of a packet through the security appliance to see whether the packet is operating correctly with the packet tracer tool. The "packet-tracer" command provides detailed information about the packets and how they are processed by the security appliance. If a command from the configuration did not cause the packet to drop, the "packet-tracer" command will provide information about the cause in an easily readable manner. You can use this feature to see if the implicit deny on an ACL is not taking effect. The following example shows that the implicit deny is bypassed (result = ALLOW):
<output truncated>
...
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x1a09d350, priority=1, domain=permit, deny=false
hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
<output truncated>
This vulnerability is documented in Cisco Bug ID CSCsq91277 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-1160.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
- AAA account-override-ignore allows VPN session without correct password (CSCsx47543)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 6.8 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash with certain HTTP packets (CSCsv52239)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash after processing certain TCP packets (CSCsy22484)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Crafted H.323 packet may cause ASA to reload (CSCsx32675)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- sqlnet traffic causes traceback with inspection configured (CSCsw51809)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- ACL Misbehavior in Cisco ASA (CSCsq91277)
CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the VPN Authentication Bypass when Account Override Feature is Used vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. Repeated exploitation could result in a sustained DoS condition. Successful exploitation of the ACL bypass vulnerability may allow an attacker to access resources that should be protected by the Cisco ASA.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following table contains the first fixed software release of each vulnerability. The "Recommended Release" row indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" row of the table.
| Vulnerability | Affected Release | First Fixed Version | Recommended Release |
|---|---|---|---|
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.2 | 7.2(4)27 | 7.2(4)30 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)19 |
| Crafted HTTP packet DoS Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| Crafted HTTP packet DoS Vulnerability | 7.1 | Not vulnerable | 7.1(2)82 |
| Crafted HTTP packet DoS Vulnerability | 7.2 | Not vulnerable | 7.2(4)30 |
| Crafted HTTP packet DoS Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28 |
| Crafted HTTP packet DoS Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)16 |
| Crafted TCP Packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| Crafted TCP Packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| Crafted TCP Packet DoS Vulnerability | 7.2 | 7.2(4)30 | 7.2(4)30 |
| Crafted TCP Packet DoS Vulnerability | 8.0 | 8.0(4)28 | 8.0(4)28 |
| Crafted TCP Packet DoS Vulnerability | 8.1 | 8.1(2)19 | 8.1(2)19 |
| Crafted H.323 packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| Crafted H.323 packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| Crafted H.323 packet DoS Vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |
| Crafted H.323 packet DoS Vulnerability | 8.0 | 8.0(4)24 | 8.0(4)28 |
| Crafted H.323 packet DoS Vulnerability | 8.1 | 8.1(2)14 | 8.1(2)19 |
| Crafted SQL packet DoS vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| Crafted SQL packet DoS vulnerability | 7.1 | Not vulnerable | 7.1(2)82 |
| Crafted SQL packet DoS vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |
| Crafted SQL packet DoS vulnerability | 8.0 | 8.0(4)22 | 8.0(4)28 |
| Crafted SQL packet DoS vulnerability | 8.1 | 8.1(2)12 | 8.1(2)19 |
| Access control list (ACL) bypass vulnerability | 7.0 | 7.0(8)1 | 7.0(8)6 |
| Access control list (ACL) bypass vulnerability | 7.1 | 7.1(2)74 | 7.1(2)82 |
| Access control list (ACL) bypass vulnerability | 7.2 | 7.2(4)9 | 7.2(4)30 |
| Access control list (ACL) bypass vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |
| Access control list (ACL) bypass vulnerability | 8.1 | Not vulnerable | 8.1(2)19 |
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT
Workarounds
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.
VPN Authentication Bypass Vulnerability +--------------------------------------
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode. As a workaround, disable this feature using the "no override-account-disable" command.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
Devices configured for SSL VPN (clientless or client-based) or accepting ASDM management connections are vulnerable.
Note: IPSec clients are not vulnerable to this vulnerability.
If SSL VPN (clientless or client-based) is not used, administrators should make sure that ASDM connections are only allowed from trusted hosts.
To identify the IP addresses from which the security appliance accepts HTTPS connections for ASDM, configure the "http" command for each trusted host address or subnet. The following example shows how a trusted host with IP address 192.168.1.100 is added to the configuration:
hostname(config)# http 192.168.1.100 255.255.255.255
Crafted TCP Packet DoS Vulnerability +-----------------------------------
There are no workarounds for this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
H.323 inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. H.323 inspection can be disabled with the command "no inspect h323".
SQL*Net Packet DoS Vulnerability +-------------------------------
SQL*Net inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. SQL*Net inspection can be disabled with the command "no inspect sqlnet".
Access Control List (ACL) Bypass Vulnerability +---------------------------------------------
As a workaround, remove the "access-group" line applied on the interface where the ACL is configured and re-apply it. For example:
ASA(config)#no access-group acl-inside in interface inside
ASA(config)#access-group acl-inside in interface inside
In the previous example the access group called "acl-inside" is removed and reapplied to the inside interface. Alternatively, you can add an explicit "deny ip any any" line in the bottom of the ACL applied on that interface. For example:
ASA(config)#access-list 100 deny ip any any
In the previous example, an explicit deny for all IP traffic is added at the end of "access-list 100".
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations +------------------------------------------------
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts +----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
The crafted TCP packet DoS vulnerability was discovered and reported to Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon Business.
The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and Jeff Jarmoc from SecureWorks.
The Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities, and welcomes the opportunity to review and assist in product reports.
All other vulnerabilities were found during internal testing and during the resolution of customer service requests.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+------------------------------------------------------------+ | Revision 1.0 | 2009-April-08 | Initial public release. | +------------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
+-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +--------------------------------------------------------------------
Updated: Apr 08, 2009 Document ID: 109974 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc Q8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ =Xi7D -----END PGP SIGNATURE-----
SOLUTION: Update to the fixed versions (please see the vendor advisory for patch information).
PROVIDED AND/OR DISCOVERED BY: 3) The vendor credits Gregory W.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
OTHER REFERENCES: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0282", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", 
"trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)19" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)15" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)14" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)12" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)5" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)28" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)25" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)24" }, { "model": "pix/asa", "scope": "ne", "trust": 
0.3, "vendor": "cisco", "version": "8.0(4)22" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)9" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)30" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)27" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)26" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)82" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)74" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)6" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)1" } ], "sources": [ { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "db": "NVD", "id": "CVE-2009-1157" }, { "db": "CNNVD", "id": "CNNVD-200904-198" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1157" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gregory W. MacPherson Jon Ramsey", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-198" } ], "trust": 0.6 }, "cve": "CVE-2009-1157", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", 
"version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-1157", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-38603", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1157", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-198", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-38603", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-38603" }, { "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "db": "NVD", "id": "CVE-2009-1157" }, { "db": "CNNVD", "id": "CNNVD-200904-198" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. 
\nRemote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. \nThese issues are documented by the following Cisco Bug IDs:\nCSCsx47543 further documents the issue tracked by CVE-2009-1155. \nCSCsv52239 further documents the issue tracked by CVE-2009-1156. \nCSCsy22484 further documents the issue tracked by CVE-2009-1157. \nCSCsx32675 further documents the issue tracked by CVE-2009-1158. \nCSCsw51809 further documents the issue tracked by CVE-2009-1159. \nCSCsq91277 further documents the issue tracked by CVE-2009-1160. This security\nadvisory outlines the details of these vulnerabilities:\n\n * VPN Authentication Bypass when Account Override Feature is Used\n vulnerability\n\n * Crafted HTTP packet denial of service (DoS) vulnerability\n\n * Crafted TCP Packet DoS vulnerability\n\n * Crafted H.323 packet DoS vulnerability\n\n * SQL*Net packet DoS vulnerability\n\n * Access control list (ACL) bypass vulnerability\n\nWorkarounds are available for some of the vulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following is a list of the products affected by each vulnerability\nas described in detail within this advisory. \n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nCisco ASA or Cisco PIX security appliances that are configured for IPsec\nor SSL-based remote access VPN and have the Override Account Disabled\nfeature enabled are affected by this vulnerability. \n\nNote: The Override Account Disabled feature was introduced in Cisco\nASA software version 7.1(1). This feature is\ndisabled by default. Only Cisco ASA software versions 8.0 and 8.1 are\naffected by this vulnerability. 
H.323 inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1\nare affected by this vulnerability. SQL*Net inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected\nby this vulnerability. Cisco ASA and\nCisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this\nvulnerability. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. The following example shows a Cisco ASA Adaptive\nSecurity Appliance that runs software version 8.0(4):\n\n ASA#show version\n\n Cisco Adaptive Security Appliance Software Version 8.0(4)\n Device Manager Version 6.0(1)\n\n \u003coutput truncated\u003e\n\nThe following example shows a Cisco PIX security appliance that runs\nsoftware version 8.0(4):\n\n PIX#show version\n\n Cisco PIX Security Appliance Software Version 8.0(4)\n Device Manager Version 5.2(3)\n\n \u003coutput truncated\u003e\n\nCustomers who use Cisco ASDM to manage their devices can find the\nsoftware version displayed in the table in the login window or in the\nupper left corner of the ASDM window. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers and Cisco VPN 3000 Series\nConcentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. However, the user must provide the correct\ncredentials in order to login to the VPN. \n\nNote: The override account feature was introduced in Cisco ASA software\nversion 7.1(1). 
\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode, as shown in the following example. The following\nexample allows overriding the \"account-disabled\" indicator from the AAA\nserver for the WebVPN tunnel group \"testgroup\":\n\n hostname(config)#tunnel-group testgroup type webvpn\n hostname(config)#tunnel-group testgroup general-attributes\n hostname(config-tunnel-general)#override-account-disable\n\nNote: The override account feature is disabled by default. \n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nA crafted SSL or HTTP packet may cause a DoS condition on a Cisco\nASA device that is configured to terminate SSL VPN connections. This\nvulnerability can also be triggered on any interface where ASDM access\nis enabled. A successful attack may result in a reload of the device. A\nTCP three-way handshake is not needed to exploit this vulnerability. A successful attack may result in a sustained DoS condition. \nA Cisco ASA device configured for any of the following features is\naffected:\n\n * SSL VPNs\n * ASDM Administrative Access\n * Telnet Access\n * SSH Access\n * cTCP for Remote Access VPNs\n * Virtual Telnet\n * Virtual HTTP\n * TLS Proxy for Encrypted Voice Inspection\n * Cut-Through Proxy for Network Access\n * TCP Intercept\n\nNote: This vulnerability may be triggered when crafted packets are sent\nto any TCP based service that terminates on the affected device. The\nvulnerability may also be triggered via transient traffic only if the\nTCP intercept feature has been enabled. A TCP three-way handshake is\nnot needed to exploit this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nA crafted H.323 packet may cause a DoS condition on a Cisco ASA device\nthat is configured with H.323 inspection. H.323 inspection is enabled by\ndefault. 
A successful attack may result in a reload of the device. A TCP\nthree-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is\nenabled by default. A successful attack may result in a reload of the\ndevice. \n\nThe default port assignment for SQL*Net is TCP port 1521. This is the\nvalue used by Oracle for SQL*Net. Please note the \"class-map\" command\ncan be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection\nto a range of different port numbers. A TCP three-way handshake is\nneeded to exploit this vulnerability. The requirement of a TCP three-way\nhandshake significantly reduces the possibility of exploitation using\npackets with spoofed source addresses. \n\nAccess Control List Bypass Vulnerability\n+---------------------------------------\n\nAccess lists have an implicit deny behavior that is applied to packets\nthat have not matched any of the permit or deny ACEs in an ACL and reach\nthe end of the ACL. This implicit deny is there by design, does not\nrequire any configuration and can be understood as an implicit ACE that\ndenies all traffic reaching the end of the ACL. A vulnerability exists\nin the Cisco ASA and Cisco PIX that may allow traffic to bypass the\nimplicit deny ACE. \n\nNote: This behavior only impacts the implicit deny statement on any\nACL applied on the device. Access control lists with explicit deny\nstatements are not affected by this vulnerability. This vulnerability is\nexperienced on very rare occasions and is extremely hard to reproduce. \n\nYou can trace the lifespan of a packet through the security appliance\nto see whether the packet is operating correctly with the packet tracer\ntool. The \"packet-tracer\" command provides detailed information about\nthe packets and how they are processed by the security appliance. If a\ncommand from the configuration did not cause the packet to drop, the\n\"packet-tracer\" command will provide information about the cause in an\neasily readable manner. 
You can use this feature to see if the implicit\ndeny on an ACL is not taking effect. The following example shows that\nthe implicit deny is bypassed (result = ALLOW):\n\n \u003coutput truncated\u003e\n ... \n Phase: 2\n Type: ACCESS-LIST\n Subtype:\n Result: ALLOW\n Config:\n Implicit Rule\n Additional Information:\n Forward Flow based lookup yields rule:\n in id=0x1a09d350, priority=1, domain=permit, deny=false\n hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8\n src mac=0000.0000.0000, mask=0000.0000.0000\n dst mac=0000.0000.0000, mask=0000.0000.0000\n\n \u003coutput truncated\u003e\n\nThis vulnerability is documented in Cisco Bug ID CSCsq91277 and has\nbeen assigned Common Vulnerabilities and Exposures (CVE) identifier\nCVE-2009-1160. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* AAA account-override-ignore allows VPN session without correct\npassword (CSCsx47543)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 6.8\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash with certain HTTP packets (CSCsv52239)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash after processing certain TCP packets (CSCsy22484)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Crafted H.323 packet may cause ASA to reload (CSCsx32675)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* sqlnet traffic causes traceback with inspection configured\n(CSCsw51809)\n\nCVSS Base Score - 7.8\n 
Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* ACL Misbehavior in Cisco ASA (CSCsq91277)\n\nCVSS Base Score - 4.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Partial\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 3.6\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass when Account\nOverride Feature is Used vulnerability may allow an attacker to\nsuccessfully connect to the Cisco ASA via remote access IPSec or\nSSL-based VPN. Repeated exploitation could result in\na sustained DoS condition. Successful exploitation of the ACL bypass\nvulnerability may allow an attacker to access resources that should be\nprotected by the Cisco ASA. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following table contains the first fixed software release of each\nvulnerability. The \"Recommended Release\" row indicates the releases\nwhich have fixes for all the published vulnerabilities at the time\nof this Advisory. 
A device running a version of the given release in\na specific row (less than the First Fixed Release) is known to be\nvulnerable. Cisco recommends upgrading to a release equal to or later\nthan the release in the \"Recommended Release\" row of the table. \n\n+------------------------------------------------------+\n| | Affected | First | Recommended |\n| Vulnerability | Release | Fixed | Release |\n| | | Version | |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| VPN | | vulnerable | |\n|Authentication |----------+------------+-------------|\n| Bypass when | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Account |----------+------------+-------------|\n| Override | 7.2 | 7.2(4)27 | 7.2(4)30 |\n|Feature is |----------+------------+-------------|\n| Used | 8.0 | 8.0(4)25 | 8.0(4)28 |\n|Vulnerability |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted HTTP | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| Vulnerability | 7.2 | Not | 7.2(4)30 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)25 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)16 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted TCP |----------+------------+-------------|\n| Packet DoS | 7.2 | 7.2(4)30 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)28 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)19 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted H.323 
|----------+------------+-------------|\n| packet DoS | 7.2 | 7.2(4)26 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)24 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)14 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted SQL | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)22 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)12 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)1 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)74 | 7.1(2)82 |\n|Access control |----------+------------+-------------|\n| list (ACL) | 7.2 | 7.2(4)9 | 7.2(4)30 |\n|bypass |----------+------------+-------------|\n| vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | Not | 8.1(2)19 |\n| | | vulnerable | |\n+------------------------------------------------------+\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. \n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode. As a workaround, disable this feature using the \"no\noverride-account-disable\" command. 
\n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nDevices configured for SSL VPN (clientless or client-based) or accepting\nASDM management connections are vulnerable. \n\nNote: IPSec clients are not affected by this vulnerability. \n\nIf SSL VPN (clientless or client-based) is not used, administrators\nshould make sure that ASDM connections are only allowed from trusted\nhosts. \n\nTo identify the IP addresses from which the security appliance\naccepts HTTPS connections for ASDM, configure the \"http\" command for\neach trusted host address or subnet. The following example shows\nhow a trusted host with IP address 192.168.1.100 is added to the\nconfiguration:\n\n hostname(config)# http 192.168.1.100 255.255.255.255\n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nThere are no workarounds for this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nH.323 inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. H.323 inspection\ncan be disabled with the command \"no inspect h323\". \n\nSQL*Net Packet DoS Vulnerability\n+-------------------------------\n\nSQL*Net inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. SQL*Net\ninspection can be disabled with the command \"no inspect sqlnet\". \n\nAccess Control List (ACL) Bypass Vulnerability\n+---------------------------------------------\n\nAs a workaround, remove the \"access-group\" line applied on the interface\nwhere the ACL is configured and re-apply it. For example:\n\n ASA(config)#no access-group acl-inside in interface inside\n ASA(config)#access-group acl-inside in interface inside\n\nIn the previous example the access group called \"acl-inside\" is removed\nand reapplied to the inside interface. 
Alternatively, you can add an\nexplicit \"deny ip any any\" line in the bottom of the ACL applied on that\ninterface. For example:\n\n ASA(config)#access-list 100 deny ip any any\n\nIn the previous example, an explicit deny for all IP traffic is added at\nthe end of \"access-list 100\". \n\nAdditional mitigations that can be deployed on Cisco devices within the\nnetwork are available in the Cisco Applied Mitigation Bulletin companion\ndocument for this advisory, which is available at the following link:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature\nsets they have purchased. By installing, downloading, accessing\nor otherwise using such software upgrades, customers agree to be\nbound by the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. 
\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. \n\nRefer to\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. 
\n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThe crafted TCP packet DoS vulnerability was discovered and reported\nto Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon\nBusiness. \n\nThe ACL bypass vulnerability was reported to Cisco by Jon Ramsey and\nJeff Jarmoc from SecureWorks. \n\nThe Cisco PSIRT greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and welcomes the opportunity to\nreview and assist in product reports. \n\nAll other vulnerabilities were found during internal testing and during\nthe resolution of customer service requests. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. 
\n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0 | 2009-April-08 | Initial public release. |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities\nin Cisco products, obtaining assistance with security\nincidents, and registering to receive security information\nfrom Cisco, is available on Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding\nCisco security notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\nUpdated: Apr 08, 2009 Document ID: 109974\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc\nQ8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ\n=Xi7D\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nSOLUTION:\nUpdate to the fixed versions (please see the vendor advisory for\npatch information). \n\nPROVIDED AND/OR DISCOVERED BY:\n3) The vendor credits Gregory W. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nOTHER REFERENCES:\nhttp://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2009-1157" }, { "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "db": "BID", "id": "34429" }, { "db": "VULHUB", "id": "VHN-38603" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1157", "trust": 2.9 }, { "db": "BID", "id": "34429", "trust": 2.8 }, { "db": "SECUNIA", "id": "34607", "trust": 2.6 }, { "db": "SECTRACK", "id": "1022015", "trust": 2.5 }, { "db": "OSVDB", "id": "53445", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2009-0981", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2009-001194", "trust": 0.8 }, { "db": "CISCO", "id": "20090408 MULTIPLE VULNERABILITIES IN CISCO ASA ADAPTIVE SECURITY APPLIANCE AND CISCO PIX SECURITY APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-198", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-38603", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76440", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76528", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38603" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1157" }, { "db": "CNNVD", "id": "CNNVD-200904-198" } ] }, "id": "VAR-200904-0282", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-38603" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:11:39.471000Z", 
"patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20090408-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001194" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "db": "NVD", "id": "CVE-2009-1157" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/34429" }, { "trust": 2.5, "url": "http://osvdb.org/53445" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022015" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34607" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1157" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1157" }, { "trust": 0.4, "url": "http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a99518.html" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/502566" }, { "trust": 0.3, "url": 
"http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml#@id" }, { "trust": 0.2, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1160" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html." }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html," }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1155" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1159" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://www.cisco.com." }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml." 
}, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34607/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38603" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1157" }, { "db": "CNNVD", "id": "CNNVD-200904-198" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-38603" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1157" }, { "db": "CNNVD", "id": "CNNVD-200904-198" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "VULHUB", "id": "VHN-38603" }, { "date": "2009-04-08T00:00:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "date": "2009-04-08T18:42:33", "db": "PACKETSTORM", "id": "76440" }, { "date": "2009-04-09T15:10:51", "db": "PACKETSTORM", "id": "76528" }, { "date": "2009-04-09T15:08:35.750000", "db": "NVD", "id": "CVE-2009-1157" }, { "date": "2009-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-198" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-28T00:00:00", "db": "VULHUB", "id": "VHN-38603" }, { "date": "2009-04-13T20:06:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001194" }, { "date": "2009-04-28T05:39:14.407000", "db": "NVD", "id": "CVE-2009-1157" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-198" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-198" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX/ASA In TCP Denial of service regarding packets (DoS) Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001194" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-198" } ], "trust": 0.6 } }
var-200511-0294
Vulnerability from variot
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. When the Cisco PIX Firewall processes an invalid TCP SYN packet, it rejects, for a certain period of time, further packets whose source and destination information (IP address and port) match that packet; as a result, if the source information of the invalid packet is spoofed to that of a legitimate host, communication from that legitimate host is blocked. TCP communication from a specific source may be interrupted for a certain period of time (DoS). This issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible. Cisco PIX is a hardware firewall solution. Remote attackers may use this flaw to deny service to legitimate sources. An attacker can send a specially crafted TCP packet with a wrong checksum, setting the source/destination IP and port to those of a legitimate host. Once the PIX firewall receives such a packet, it cannot establish a new TCP session with the same source/destination addresses and ports as the malicious packet. By default this condition lasts 2 minutes and 2 seconds, after which normal operation resumes. Gavrilenko has reported a vulnerability in Cisco PIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by the firewall failing to verify the checksum of a TCP SYN packet before the packet is allowed through the firewall and a connection state is set up to track the half-open connection. Packets with incorrect checksum values will be silently discarded by the destination host without a RST reply. This causes the connection state to be held for up to two minutes before it is cleared. In the meantime, legitimate SYN packets with the same protocol, IP addresses, and ports are discarded by the firewall.
Successful exploitation allows an attacker to prevent a host from establishing connections to another host through the firewall.
The vulnerability has been reported in PIX 6.3 and PIX/ASA 7.0.
SOLUTION: The vendor recommends the following workaround.
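1) Issue the commands "clear xlate" or "clear local-host <ip address on the higher security level interface>" to allow the firewall to pass connections again.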
2) Modify the default TCP embryonic connection timeout to a lower value, e.g. 10 seconds.
3) Configure TCP Intercept to allow PIX to proxy all TCP connection attempts originated from behind any firewall interface after the first connection. This will have a performance impact.
PROVIDED AND/OR DISCOVERED BY: Konstantin V. Gavrilenko, Arhont Ltd
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200511-0294", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "6.3" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.0" }, { "model": "pix firewall", "scope": 
"eq", "trust": 1.1, "vendor": "cisco", "version": "6.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.4" }, { "model": "pix os", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5350" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5256.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "525" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "520" }, { "model": "pix firewall 515e", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "515" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5060" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5010" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3.3(133)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3(5)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3(3.109)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3(3.102)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3(3)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.3(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.3(110)" }, { 
"model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.2.111" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2(3.100)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2(3)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1.5(104)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1.5" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1.4" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(5)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(4)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(3)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0.4" }, { "model": "pix firewall", "scope": "eq", 
"trust": 0.3, "vendor": "cisco", "version": "6.0.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(4.101)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(4)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3(3)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3(1.200)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(9)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(7)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(6)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(5)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(3.210)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1.4" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", 
"version": "5.1(4.206)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.4(8)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.4(7.202)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.4(4)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2.2" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2(5)" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "pix firewall b", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1.6" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1.6" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.1" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.0" }, { "model": "pix firewall", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.7" } ], "sources": [ { "db": "CERT/CC", "id": "VU#853540" }, { "db": "BID", "id": "15525" }, { "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "db": "NVD", "id": "CVE-2005-3774" }, { "db": "CNNVD", "id": "CNNVD-200511-314" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { 
"@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2005-3774" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Randy Ivener rivener@cisco.com Konstantin V. Gavrilenko mlists@arhont.com", "sources": [ { "db": "CNNVD", "id": "CNNVD-200511-314" } ], "trust": 0.6 }, "cve": "CVE-2005-3774", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, 
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2005-3774", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-14982", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2005-3774", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#853540", "trust": 0.8, "value": "4.59" }, { "author": "NVD", "id": "CVE-2005-3774", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200511-314", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-14982", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#853540" }, { "db": "VULHUB", "id": "VHN-14982" }, { "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "db": "NVD", "id": "CVE-2005-3774" }, { "db": "CNNVD", "id": "CNNVD-200511-314" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic 
connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of \"meaningless data,\" or (3) a TTL that is one less than needed to reach the internal destination. Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. Cisco PIX Firewall Is illegal TCP SYN When a packet is processed, the packet and source and destination information for a certain period of time (IP Address and port ) There is a function that rejects packets that match, and there is a vulnerability that prevents communication from a legitimate host if the source information of the wrong packet is spoofed by that of a legitimate host.From a specific source TCP Communication is interrupted for a certain period of time (DoS) It may be in a state. \nThis issue allows attackers to temporarily block network traffic to arbitrarily targeted TCP services. By repeating the attack, a prolonged denial-of-service condition is possible. Cisco PIX is a hardware firewall solution. Remote attackers may use this loophole to cause a denial of service attack on legitimate access sources. So an attacker can send a specially crafted TCP packet with a wrong checksum, setting the source/destination IP and port to a legitimate host. Once the PIX firewall receives such a message, it cannot establish a new TCP session with the credentials specified in the malicious message. The default time is 2 minutes and 2 seconds, and then it will resume normal operation. Gavrilenko has reported a vulnerability in Cisco PIX,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService). 
\n\nThe vulnerability is caused due to the firewall failing to verify the\nchecksum of a TCP SYN packet before it is allowed through the firewall\nand a connection state is setup to track the half-open connection. \nPackets with incorrect checksum values will be silently discarded by\nthe destination host without a RST reply. This causes the connection\nstate to be held up to two minutes before it is cleared. In the\nmeantime, legitimate SYN packets with the same protocol, IP\naddresses, and ports are discarded by the firewall. \n\nSuccessful exploitation allows an attacker to prevent a host from\nestablishing connections to another host through the firewall. \n\nThe vulnerability has been reported in PIX 6.3 and PIX/ASA 7.0. \n\nSOLUTION:\nThe vendor recommends the following workaround. \n\n1) Issue the commands \"clear xlate\" or \"clear local-host \u003cip address\non the higher security level interface\u003e\" to allow the firewall to\npass connections again. \n\n2) Modify the default TCP embryonic connection timeout to a lower\nvalue. e.g. 10 seconds. \n\n3) Configure TCP Intercept to allow PIX to proxy all TCP connection\nattempts originated from behind any firewall interface after the\nfirst connection. This will have a performance impact. \n\nPROVIDED AND/OR DISCOVERED BY:\nKonstantin V. Gavrilenko, Arhont Ltd\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2005-3774" }, { "db": "CERT/CC", "id": "VU#853540" }, { "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "db": "BID", "id": "15525" }, { "db": "VULHUB", "id": "VHN-14982" }, { "db": "PACKETSTORM", "id": "41770" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-14982", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-14982" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SECUNIA", "id": "17670", "trust": 3.4 }, { "db": "CERT/CC", "id": "VU#853540", "trust": 3.3 }, { "db": "BID", "id": "15525", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2005-3774", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2005-2546", "trust": 1.7 }, { "db": "OSVDB", "id": "24140", "trust": 1.7 }, { "db": "SECTRACK", "id": "1015256", "trust": 1.7 }, { "db": "JVNDB", "id": 
"JVNDB-2005-000696", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200511-314", "trust": 0.7 }, { "db": "XF", "id": "25079", "trust": 0.6 }, { "db": "XF", "id": "25077", "trust": 0.6 }, { "db": "CISCO", "id": "20051128 RESPONSE TO CISCO PIX TCP CONNECTION PREVENTION", "trust": 0.6 }, { "db": "FULLDISC", "id": "20051122 CISCO PIX TCP CONNECTION PREVENTION", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20051122 CISCO PIX TCP CONNECTION PREVENTION", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060307 RE: CISCO PIX EMBRYONIC STATE MACHINE 1B DATA DOS", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060307 CISCO PIX EMBRYONIC STATE MACHINE 1B DATA DOS", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20060307 CISCO PIX EMBRYONIC STATE MACHINE TTL(N-1) DOS", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "26548", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "1338", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-80179", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-14982", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "41770", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#853540" }, { "db": "VULHUB", "id": "VHN-14982" }, { "db": "BID", "id": "15525" }, { "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "db": "PACKETSTORM", "id": "41770" }, { "db": "NVD", "id": "CVE-2005-3774" }, { "db": "CNNVD", "id": "CNNVD-200511-314" } ] }, "id": "VAR-200511-0294", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-14982" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:53:36.321000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-response-20051122-pix", "trust": 0.8, "url": 
"http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" }, { "title": "cisco-sr-20060307-pix", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060307-pix.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2005-000696" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "db": "NVD", "id": "CVE-2005-3774" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-november/038983.html" }, { "trust": 2.5, "url": "http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/15525" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/853540" }, { "trust": 2.1, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-november/038971.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/17670/" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" }, { "trust": 1.7, "url": "http://www.osvdb.org/24140" }, { "trust": 1.7, "url": "http://securitytracker.com/id?1015256" }, { "trust": 1.7, "url": "http://secunia.com/advisories/17670" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2005/2546" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/417458/30/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/426989/100/0/threaded" }, 
{ "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/426991/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/427041/100/0/threaded" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2005/2546" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/sw/secursw/ps2120/products_security_notice09186a008059a411.html" }, { "trust": 0.8, "url": "http://www.ciac.org/ciac/bulletins/q-062.shtml" }, { "trust": 0.8, "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-november/038971.html " }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3774" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-3774" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/25079" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/25077" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/427041/100/0/threaded" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/426991/100/0/threaded" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/426989/100/0/threaded" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/417458/30/0/threaded" }, { "trust": 0.3, "url": "http://seclists.org/lists/fulldisclosure/2006/mar/0146.html" }, { "trust": 0.3, "url": "/archive/1/426991" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/6102/" }, { "trust": 0.1, "url": "http://secunia.com/product/56/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#853540" 
}, { "db": "VULHUB", "id": "VHN-14982" }, { "db": "BID", "id": "15525" }, { "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "db": "PACKETSTORM", "id": "41770" }, { "db": "NVD", "id": "CVE-2005-3774" }, { "db": "CNNVD", "id": "CNNVD-200511-314" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#853540" }, { "db": "VULHUB", "id": "VHN-14982" }, { "db": "BID", "id": "15525" }, { "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "db": "PACKETSTORM", "id": "41770" }, { "db": "NVD", "id": "CVE-2005-3774" }, { "db": "CNNVD", "id": "CNNVD-200511-314" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-11-23T00:00:00", "db": "CERT/CC", "id": "VU#853540" }, { "date": "2005-11-23T00:00:00", "db": "VULHUB", "id": "VHN-14982" }, { "date": "2005-11-22T00:00:00", "db": "BID", "id": "15525" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "date": "2005-11-30T04:03:08", "db": "PACKETSTORM", "id": "41770" }, { "date": "2005-11-23T00:03:00", "db": "NVD", "id": "CVE-2005-3774" }, { "date": "2005-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-200511-314" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2005-12-01T00:00:00", "db": "CERT/CC", "id": "VU#853540" }, { "date": "2018-10-19T00:00:00", "db": "VULHUB", "id": "VHN-14982" }, { "date": "2006-03-10T01:15:00", "db": "BID", "id": "15525" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2005-000696" }, { "date": "2018-10-19T15:39:04.887000", "db": "NVD", "id": "CVE-2005-3774" }, { "date": "2007-09-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200511-314" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200511-314" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX fails to verify TCP checksum", "sources": [ { "db": "CERT/CC", "id": "VU#853540" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "15525" }, { "db": "CNNVD", "id": "CNNVD-200511-314" } ], "trust": 0.9 } }
var-200705-0481
Vulnerability from variot
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." The Cisco ASA and PIX firewalls also contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance also contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Remote attackers may use this vulnerability to cause the device to stop working normally or to bypass authentication. This vulnerability is documented as bug CSCsi16248.
1) An unspecified error exists when using the LDAP authentication mechanism, which can be exploited to bypass the authentication and gain access to the device or the network.
Successful exploitation requires that the device uses the Layer 2 Tunneling Protocol (L2TP) and is configured to use LDAP servers with a protocol other than PAP for authentication, or that the device offers remote management access (telnet, SSH, HTTP) and uses an LDAP AAA server for authentication.
2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS.
Successful exploitation requires that the tunnel group is configured with password expiry. In order to exploit this in IPSec VPN connections, an attacker also needs to know the group name and group password.
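3) (The text of this item is missing from this copy; given the summary above, it is presumably the race condition in clientless SSL VPN handling that causes a device reload.) Successful exploitation requires that clientless SSL is used.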
4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device.
Successful exploitation requires that devices are configured to use the DHCP relay agent.
SOLUTION: Apply updated software versions. Please see vendor advisories for details.
PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html
US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057
OTHER REFERENCES: US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0481", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 3.2, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": 
"adaptive security appliance software", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.7)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.16)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.15)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.14)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.10)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.48)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.5)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.8)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.19)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, 
"vendor": "cisco", "version": "7.2.(2.17)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.49)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "db": "NVD", "id": "CVE-2007-2464" }, { "db": "CNNVD", "id": "CNNVD-200705-031" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.2.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2464" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Security bulletin", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-031" } ], "trust": 0.6 }, "cve": "CVE-2007-2464", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2007-2464", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-25826", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-2464", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#337508", "trust": 0.8, "value": "0.70" }, { 
"author": "CARNEGIE MELLON", "id": "VU#210876", "trust": 0.8, "value": "2.43" }, { "author": "CARNEGIE MELLON", "id": "VU#530057", "trust": 0.8, "value": "0.64" }, { "author": "CNNVD", "id": "CNNVD-200705-031", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-25826", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25826" }, { "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "db": "NVD", "id": "CVE-2007-2464" }, { "db": "CNNVD", "id": "CNNVD-200705-031" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\". The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. This vulnerability is documented as bug CSCsi16248. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. 
\n\n1) An unspecified error exists when using the LDAP authentication\nmechanism, which can be exploited to bypass the authentication and\ngain access to the device or the network. \n\nSuccessful exploitation requires that the device uses the Layer 2\nTunneling Protocol (L2TP) and is configured to use LDAP servers with\nanother protocol other than PAP for authentication, or that the\ndevice offers remote management access (telnet, SSH, HTTP) and uses\nan LDAP AAA server for authentication. \n\n2) An unspecified error when using VPN connections configured with\npassword expiry can be exploited to cause a DoS. \n\nSuccessful exploitation requires that the tunnel group is configured\nwith password expiry. In order to exploit this in IPSec VPN\nconnections, an attacker also needs to know the group name and group\npassword. \n\nSuccessful exploitation requires that clientless SSL is used. \n\n4) An error within the DHCP relay agent when handling DHCPACK\nmessages can be exploited to cause a DoS due to memory exhaustion by\nsending a large number of DHCP requests to a vulnerable device. \n\nSuccessful exploitation requires that devices are configured to use\nthe DHCP relay agent. \n\nSOLUTION:\nApply updated software versions. Please see vendor advisories for\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Reported by the vendor. \n4) Lisa Sittler and Grant Deffenbaugh, CERT/CC. 
\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml\n\nhttp://www.cisco.com/en/US/products/products_security_response09186a0080833172.html\nhttp://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html\n\nUS-CERT VU#530057:\nhttp://www.kb.cert.org/vuls/id/530057\n\nOTHER REFERENCES:\nUS-CERT VU#210876:\nhttp://www.kb.cert.org/vuls/id/210876\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-2464" }, { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "db": "BID", "id": "23768" }, { "db": "VULHUB", "id": "VHN-25826" }, { "db": "PACKETSTORM", "id": "56436" } ], "trust": 4.23 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#337508", "trust": 3.6 }, { "db": "BID", "id": "23768", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2007-2464", "trust": 2.8 }, { "db": "SECUNIA", "id": "25109", "trust": 2.7 }, { "db": "VUPEN", "id": "ADV-2007-1636", "trust": 1.7 }, { "db": "OSVDB", "id": "35333", "trust": 1.7 }, { "db": "XF", "id": "34023", "trust": 1.4 }, { "db": "CERT/CC", "id": "VU#210876", "trust": 1.2 }, { "db": "CERT/CC", "id": "VU#530057", "trust": 0.9 }, { "db": "OSVDB", "id": "35331", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000337", "trust": 0.8 }, { "db": "CISCO", "id": "20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200705-031", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-25826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56436", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25826" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "db": "PACKETSTORM", "id": "56436" 
}, { "db": "NVD", "id": "CVE-2007-2464" }, { "db": "CNNVD", "id": "CNNVD-200705-031" } ] }, "id": "VAR-200705-0481", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-25826" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:35:24.233000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20070502-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000337" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2464" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/337508" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/23768" }, { "trust": 2.4, "url": "http://www.cisco.com/en/us/products/ps6120/index.html" }, { "trust": 2.4, "url": "http://en.wikipedia.org/wiki/intrusion-prevention_system" }, { "trust": 2.0, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml" }, { "trust": 1.7, "url": "http://www.osvdb.org/35333" }, { "trust": 1.7, "url": 
"http://secunia.com/advisories/25109" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/1636" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/34023" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023" }, { "trust": 0.9, "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml" }, { "trust": 0.9, "url": "http://secunia.com/advisories/25109/" }, { "trust": 0.8, "url": "http://www.cisco.com/warp/public/110/webvpnasa.pdf" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details" }, { "trust": 0.8, "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248" }, { "trust": 0.8, "url": "http://www.osvdb.org/35331" }, { "trust": 0.8, "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2464" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2464" }, { "trust": 0.4, "url": "http://www.kb.cert.org/vuls/id/210876" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/467385" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/530057" }, { "trust": 0.1, "url": "http://secunia.com/network_software_inspector/" }, { "trust": 0.1, "url": "http://secunia.com/product/6102/" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html" }, { "trust": 0.1, "url": 
"http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html" }, { "trust": 0.1, "url": "http://secunia.com/product/6115/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25826" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2464" }, { "db": "CNNVD", "id": "CNNVD-200705-031" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25826" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2464" }, { "db": "CNNVD", "id": "CNNVD-200705-031" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-03T00:00:00", "db": "CERT/CC", "id": "VU#337508" }, { "date": "2007-05-02T00:00:00", "db": "CERT/CC", "id": "VU#210876" }, { "date": "2007-05-02T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2007-05-02T00:00:00", "db": "VULHUB", "id": "VHN-25826" }, { "date": "2007-05-02T00:00:00", "db": "BID", "id": "23768" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "date": "2007-05-04T05:48:13", "db": "PACKETSTORM", "id": "56436" }, { "date": "2007-05-02T22:19:00", "db": "NVD", "id": "CVE-2007-2464" }, { "date": "2007-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-031" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-04T00:00:00", "db": "CERT/CC", "id": "VU#337508" }, { "date": "2007-06-15T00:00:00", "db": "CERT/CC", "id": "VU#210876" }, { "date": "2007-05-03T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-25826" }, { "date": "2016-07-06T14:39:00", "db": "BID", "id": "23768" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000337" }, { "date": "2023-08-11T19:02:04.560000", "db": "NVD", "id": "CVE-2007-2464" }, { "date": "2007-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-031" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-031" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco ASA clientless SSL VPN denial of service vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#337508" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-031" } ], "trust": 0.6 } }
var-200810-0196
Vulnerability from variot
Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. Cisco PIX and ASA are prone to an authentication-bypass vulnerability. Remote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks. This issue is being monitored by Cisco Bug ID CSCsj25896 (note that the Cisco advisory reproduced below lists the Windows NT Domain authentication bypass as CSCsu65735 and the crypto accelerator memory leak as CSCsj25896). PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services.
SOLUTION: Update to fixed versions (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. This security advisory outlines details of these vulnerabilities:
- Windows NT Domain Authentication Bypass Vulnerability
- IPv6 Denial of Service Vulnerability
- Crypto Accelerator Memory Leak Vulnerability
Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml.
Affected Products
Vulnerable Products +------------------
The following are the details about each vulnerability described within this advisory. Devices that are using any type of external authentication other than Windows NT Domain (that is, LDAP, RADIUS, TACACS+, SDI, or local database) are not affected by the Windows NT Domain Authentication Bypass vulnerability.
The following example demonstrates how Windows NT domain authentication is configured using the command line interface (CLI) on the Cisco ASA:
aaa-server NTAuth protocol nt
aaa-server NTAuth (inside) host 10.1.1.4
nt-auth-domain-controller primary1
Alternatively, to see if a device is configured for Windows NT Domain authentication use the "show running-config | include nt-auth-domain-controller" command. The IPv6 Denial of Service vulnerability does not affect devices configured only for IPv4.
Note: IPv6 functionality is turned off by default.
IPv6 is enabled on the Cisco ASA and Cisco PIX security appliance using the "ipv6 address" interface command. To verify if a device is configured for IPv6 use the "show running-config | include ipv6" command.
Alternatively, you can display the status of interfaces configured for IPv6 using the show ipv6 interface command in privileged EXEC mode, as shown in the following example:
hostname# show ipv6 interface brief
outside [up/up]
unassigned
inside [up/up]
fe80::20d:29ff:fe1d:69f0
fec0::a:0:0:a0a:a70
dmz [up/up]
unassigned
In this example, the "outside" and "dmz" interfaces are not configured for IPv6.
Crypto Accelerator Memory Leak Vulnerability +-------------------------------------------
Cisco ASA security appliances may experience a memory leak that can be triggered by a series of crafted packets. This memory leak occurs in the initialization code for the hardware crypto accelerator. Devices that are running software versions in the 8.0.x release are vulnerable.
Note: Cisco ASA appliances that are running software versions in the 7.0, 7.1, and 7.2 releases are not vulnerable.
Determination of Software Versions +---------------------------------
The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Security Appliance that runs software release 8.0(4):
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
[...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to manage their devices can find the version of the software displayed in the table in the login window or in the upper left corner of the ASDM window.
Products Confirmed Not Vulnerable +--------------------------------
The Cisco Firewall Services Module (FWSM) is not affected by any of these vulnerabilities. Cisco PIX security appliances running versions 6.x are not vulnerable. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other. NT Domain authentication is supported only for remote access VPNs. Devices that are running software version 7.2(4)9 or 7.2(4)10 and configured for IPv6 may be vulnerable to the IPv6 Denial of Service vulnerability. That vulnerability does not affect devices that are configured only for IPv4.
Note: Devices that are running software versions in the 7.0, 7.1, 8.0, and 8.1 releases are not vulnerable to the IPv6 Denial of Service vulnerability.
To configure IPv6 on a Cisco ASA or Cisco PIX security appliance, at a minimum, each interface needs to be configured with an IPv6 link-local address. Additionally, you can add a global address to the interface.
Note: Only packets that are destined to the device (not transiting the device) may trigger the effects of this vulnerability. These packets must be destined to an interface configured for IPv6.
Crypto Accelerator Memory Leak Vulnerability +-------------------------------------------
The Cisco ASA security appliances may experience a memory leak triggered by a series of packets. This memory leak occurs in the initialization code for the hardware crypto accelerator.
Note: Only packets destined to the device (not transiting the device) may trigger this vulnerability.
The following Cisco ASA features use the services the crypto accelerator provides, and therefore may be affected by this vulnerability:
- Clientless WebVPN, SSL VPN Client, and AnyConnect Connections
- ASDM (HTTPS) Management Sessions
- Cut-Through Proxy for Network Access
- TLS Proxy for Encrypted Voice Inspection
- IP Security (IPsec) Remote Access and Site-to-site VPNs
- Secure Shell (SSH) Access
This vulnerability is documented in Cisco Bug ID CSCsj25896 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-3817.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at
http://intellishield.cisco.com/security/alertmanager/cvss
- Windows NT Domain Authentication Bypass Vulnerability (CSCsu65735)
CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 3.7 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may reload after receiving certain IPv6 packets (CSCsu11575)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Crypto Accelerator Memory Leak (CSCsj25896)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the VPN Authentication Bypass Vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. The Denial of Service (DoS) vulnerabilities may cause a reload of the affected device. Repeated exploitation could result in a sustained DoS condition.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following list contains the first fixed software release of each vulnerability:
| Vulnerability | Affected Release | First Fixed Version |
|---|---|---|
| Windows NT Domain Authentication Bypass Vulnerability | 7.0 | 7.0(8)3 |
| Windows NT Domain Authentication Bypass Vulnerability | 7.1 | 7.1(2)78 |
| Windows NT Domain Authentication Bypass Vulnerability | 7.2 | 7.2(4)16 |
| Windows NT Domain Authentication Bypass Vulnerability | 8.0 | 8.0(4)6 |
| Windows NT Domain Authentication Bypass Vulnerability | 8.1 | 8.1(1)13 |
| IPv6 Denial of Service Vulnerability | 7.0 | Not Vulnerable |
| IPv6 Denial of Service Vulnerability | 7.1 | Not Vulnerable |
| IPv6 Denial of Service Vulnerability | 7.2 | 7.2(4)11 |
| IPv6 Denial of Service Vulnerability | 8.0 | Not Vulnerable |
| IPv6 Denial of Service Vulnerability | 8.1 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 7.0 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 7.1 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 7.2 | Not Vulnerable |
| Crypto Accelerator Memory Leak Vulnerability | 8.0 | 8.0(4) |
| Crypto Accelerator Memory Leak Vulnerability | 8.1 | 8.1(2) |
The following maintenance software releases are the first software releases that contain the fixes for the vulnerabilities mentioned in this Security Advisory:
Fixed PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fixed ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
For the "Windows NT Domain Authentication Bypass Vulnerability", only interim fixed software is currently available. Customers wishing to upgrade to a fixed version instead of applying a workaround may download PIX and ASA interim versions from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT?psrtdcat20e2
Workarounds
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.
Windows NT Domain Authentication Bypass Vulnerability +----------------------------------------------------
LDAP authentication is not affected by this vulnerability.
Note: For more information about support for a specific AAA server type, refer to the following link: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1069492
IPv6 Denial of Service Vulnerability +-----------------------------------
Customers that do not require IPv6 functionality on their devices can use the "no ipv6 address" interface sub-command to disable processing of IPv6 packets and eliminate their exposure.
Crypto Accelerator Memory Leak Vulnerability +-------------------------------------------
There are no workarounds for this vulnerability.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations +------------------------------------------------
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts +----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
These vulnerabilities were found during internal testing and during the resolution of a technical support service request.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
Revision 1.0 | 2008-October-22 | Initial public release
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
Copyright 2007-2008 Cisco Systems, Inc. All rights reserved.
Updated: Oct 22, 2008 Document ID: 108009
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkj/S+kACgkQ86n/Gc8U/uAw4gCePvCNEXPlmyKTJaXsjCs6lJHp tGIAnR507Su0d3whQe31Igigg3xQjC1z =4yFl -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0196", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": 
"pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.0" }, { "model": "asa 5500", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "asa 5500", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)13" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)6" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)16" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)78" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)3" } ], "sources": [ { "db": "BID", "id": "31864" }, { "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "db": "NVD", "id": "CVE-2008-3815" }, { "db": "CNNVD", "id": "CNNVD-200810-400" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:h:cisco:asa_5500:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-3815" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Security bulletin", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-400" } ], "trust": 0.6 }, "cve": "CVE-2008-3815", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": 
"Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2008-3815", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-33940", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-3815", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200810-400", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-33940", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-33940" }, { "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "db": "NVD", "id": "CVE-2008-3815" }, { "db": "CNNVD", "id": "CNNVD-200810-400" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. Cisco PIX and ASA is prone to an authentication-bypass vulnerability. 
\nRemote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks. \nThis issue is being monitored by Cisco Bug ID CSCsj25896. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. \n\nSOLUTION:\nUpdate to fixed versions (please see the vendor\u0027s advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. This security\nadvisory outlines details of these vulnerabilities:\n\n * Windows NT Domain Authentication Bypass Vulnerability\n * IPv6 Denial of Service Vulnerability\n * Crypto Accelerator Memory Leak Vulnerability\n\nNote: These vulnerabilities are independent of each other. A device may\nbe affected by one vulnerability and not affected by another. \n\nCisco has released free software updates that address these\nvulnerabilities. Workarounds that mitigate some of these\nvulnerabilities are available. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml. 
\n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following are the details about each vulnerability described within\nthis advisory. Devices that are\nusing any other type of external authentication (that is, LDAP, RADIUS,\nTACACS+, SDI, or local database) are not affected by this vulnerability. \n\nThe following example demonstrates how Windows NT domain authentication\nis configured using the command line interface (CLI) on the Cisco ASA:\n\n aaa-server NTAuth protocol nt\n aaa-server NTAuth (inside) host 10.1.1.4\n nt-auth-domain-controller primary1\n\nAlternatively, to see if a device is configured for Windows NT Domain\nauthentication use the\n\"show running-config | include nt-auth-domain-controller\"\ncommand. \nThis vulnerability does not affect devices configured only for IPv4. \n\nNote: IPv6 functionality is turned off by default. \n\nIPv6 is enabled on the Cisco ASA and Cisco PIX security appliance\nusing the \"ipv6 address\" interface command. To verify if a device\nis configured for IPv6 use the \"show running-config | include ipv6\"\ncommand. \n\nAlternatively, you can display the status of interfaces configured for\nIPv6 using the show ipv6 interface command in privileged EXEC mode, as\nshown in the following example:\n\n hostname# show ipv6 interface brief\n outside [up/up]\n unassigned\n inside [up/up]\n fe80::20d:29ff:fe1d:69f0\n fec0::a:0:0:a0a:a70\n dmz [up/up]\n unassigned\n\nIn this example, the \"outside\" and \"dmz\" interfaces are not configured\nfor IPv6. \n\nCrypto Accelerator Memory Leak Vulnerability\n+-------------------------------------------\n\nCisco ASA security appliances may experience a memory leak that can be\ntriggered by a series of crafted packets. This memory leak occurs in the\ninitialization code for the hardware crypto accelerator. Devices that\nare running software versions in the 8.0.x release are vulnerable. 
\n\nNote: Cisco ASA appliances that are running software versions in the\n7.0, 7.1, and 7.2 releases are not vulnerable. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. The following example shows a Cisco ASA Security\nAppliance that runs software release 8.0(4):\n\n ASA# show version\n\n Cisco Adaptive Security Appliance Software Version 8.0(4)\n Device Manager Version 6.0(1)\n\n [...]\n\nCustomers who use the Cisco Adaptive Security Device Manager (ASDM) to\nmanage their devices can find the version of the software displayed in\nthe table in the login window or in the upper left corner of the ASDM\nwindow. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) is not affected by any of\nthese vulnerabilities. Cisco PIX security appliances running versions\n6.x are not vulnerable. No other Cisco products are currently known to\nbe affected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. NT Domain authentication is supported only for remote\naccess VPNs. Devices that are running software version\n7.2(4)9 or 7.2(4)10 and configured for IPv6 may be vulnerable. This\nvulnerability does not affect devices that are configured only for IPv4. \n\nNote: Devices that are running software versions in the 7.0, 7.1, 8.0,\nand 8.1 releases are not vulnerable. \n\nTo configure IPv6 on a Cisco ASA or Cisco PIX security appliance, at a\nminimum, each interface needs to be configured with an IPv6 link-local\naddress. Additionally, you can add a global address to the interface. \n\nNote: Only packets that are destined to the device (not transiting the\ndevice) may trigger the effects of this vulnerability. 
These packets\nmust be destined to an interface configured for IPv6. \n\nCrypto Accelerator Memory Leak Vulnerability\n+-------------------------------------------\n\nThe Cisco ASA security appliances may experience a memory leak triggered\nby a series of packets. This memory leak occurs in the initialization\ncode for the hardware crypto accelerator. \n\nNote: Only packets destined to the device (not transiting the device)\nmay trigger this vulnerability. \n\nThe following Cisco ASA features use the services the crypto accelerator\nprovides, and therefore may be affected by this vulnerability:\n\n * Clientless WebVPN, SSL VPN Client, and AnyConnect Connections\n * ASDM (HTTPS) Management Sessions\n * Cut-Through Proxy for Network Access\n * TLS Proxy for Encrypted Voice Inspection\n * IP Security (IPsec) Remote Access and Site-to-site VPNs\n * Secure Shell (SSH) Access\n\nThis vulnerability is documented in Cisco Bug ID CSCsj25896 and has\nbeen assigned the Common Vulnerabilities and Exposures (CVE) identifier\nCVE-2008-3817. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* Windows NT Domain Authentication Bypass Vulnerability (CSCsu65735)\n\nCVSS Base Score - 4.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Partial\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 3.7\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may reload after receiving certain IPv6 packets (CSCsu11575)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Crypto Accelerator Memory Leak (CSCsj25896)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass Vulnerability\nmay allow an attacker to successfully connect to the Cisco ASA via\nremote access IPSec or SSL-based VPN. The Denial of Service (DoS)\nvulnerabilities may cause a reload of the affected device. Repeated\nexploitation could result in a sustained DoS condition. 
\n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following list contains the first fixed software release of each\nvulnerability:\n\n+----------------------------------------+\n| | Affected | First |\n| Vulnerability | Release | Fixed |\n| | | Version |\n|----------------+----------+------------|\n| | 7.0 | 7.0(8)3 |\n| |----------+------------|\n| Windows NT | 7.1 | 7.1(2)78 |\n|Domain |----------+------------|\n| Authentication | 7.2 | 7.2(4)16 |\n|Bypass |----------+------------|\n| Vulnerability | 8.0 | 8.0(4)6 |\n| |----------+------------|\n| | 8.1 | 8.1(1)13 |\n|----------------+----------+------------|\n| | 7.0 | Not |\n| | | Vulnerable |\n| |----------+------------|\n| | 7.1 | Not |\n| | | Vulnerable |\n|IPv6 Denial of |----------+------------|\n| Service | 7.2 | 7.2(4)11 |\n|Vulnerability |----------+------------|\n| | 8.0 | Not |\n| | | Vulnerable |\n| |----------+------------|\n| | 8.1 | Not |\n| | | Vulnerable |\n|----------------+----------+------------|\n| | 7.0 | Not |\n| | | Vulnerable |\n| |----------+------------|\n| | 7.1 | Not |\n| Crypto | | Vulnerable |\n|Accelerator |----------+------------|\n| Memory Leak | 7.2 | Not |\n| Vulnerability | | Vulnerable |\n| |----------+------------|\n| | 8.0 | 8.0(4) |\n| |----------+------------|\n| | 8.1 | 8.1(2) |\n+----------------------------------------+\n\nThe following maintenance software releases are the first software\nreleases that contain 
the fixes for the vulnerabilities mentioned in\nthis Security Advisory:\n\nFixed PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2\n\nFix ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2\n\nFor the \"Windows NT Domain Authentication Bypass Vulnerability\", only\ninterim fixed software is currently available. Customers wishing to\nupgrade to a fixed version instead of applying a workaround may download\nPIX and ASA interim versions from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT?psrtdcat20e2\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. \n\nWindows NT Domain Authentication Bypass Vulnerability\n+----------------------------------------------------\n\nLDAP authentication is not affected by this vulnerability. \n\nNote: For more information about support for a specific AAA server\ntype, refer to the following link:\nhttp://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/aaa.html#wp1069492\n\nIPv6 Denial of Service Vulnerability\n+-----------------------------------\n\nCustomers that do not require IPv6 functionality on their devices can\nuse the \"no ipv6 address\" interface sub-command to disable processing of\nIPv6 packets and eliminate their exposure\n\nCrypto Accelerator Memory Leak Vulnerability\n+-------------------------------------------\n\nThere are no workarounds for this vulnerability. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. 
\n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. \n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. 
\n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. \n\nRefer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. \n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerabilities described in this advisory. \n\nThese vulnerabilities were found during internal testing and during the\nresolution of a technical support service request. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. 
\n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at :\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0 | 2008-October-22 | Initial public release |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding Cisco\nsecurity notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2007-2008 Cisco Systems, Inc. All rights reserved. 
\n+--------------------------------------------------------------------\n\nUpdated: Oct 22, 2008 Document ID: 108009\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkj/S+kACgkQ86n/Gc8U/uAw4gCePvCNEXPlmyKTJaXsjCs6lJHp\ntGIAnR507Su0d3whQe31Igigg3xQjC1z\n=4yFl\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2008-3815" }, { "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "db": "BID", "id": "31864" }, { "db": "VULHUB", "id": "VHN-33940" }, { "db": "PACKETSTORM", "id": "71191" }, { "db": "PACKETSTORM", "id": "71146" } ], "trust": 2.16 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-33940", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-33940" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-3815", "trust": 2.9 }, { "db": "BID", "id": "31864", "trust": 2.8 }, { "db": "SECUNIA", "id": "32360", "trust": 1.8 }, { "db": "VUPEN", "id": "ADV-2008-2899", "trust": 1.7 }, { "db": "SECTRACK", "id": "1021090", "trust": 1.7 }, { "db": "SECTRACK", "id": "1021089", "trust": 1.7 }, { "db": "XF", "id": "46024", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2008-001891", "trust": 0.8 }, { "db": "CISCO", "id": "20081022 MULTIPLE VULNERABILITIES IN CISCO PIX AND CISCO ASA", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:5983", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200810-400", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "71146", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-33940", "trust": 0.1 }, { 
"db": "PACKETSTORM", "id": "71191", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-33940" }, { "db": "BID", "id": "31864" }, { "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "db": "PACKETSTORM", "id": "71191" }, { "db": "PACKETSTORM", "id": "71146" }, { "db": "NVD", "id": "CVE-2008-3815" }, { "db": "CNNVD", "id": "CNNVD-200810-400" } ] }, "id": "VAR-200810-0196", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-33940" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:34:21.195000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20081022-asa", "trust": 0.8, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a183ba.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001891" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-33940" }, { "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "db": "NVD", "id": "CVE-2008-3815" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/31864" }, { "trust": 2.0, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a183ba.shtml" }, { "trust": 1.7, "url": 
"http://www.securitytracker.com/id?1021089" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1021090" }, { "trust": 1.7, "url": "http://secunia.com/advisories/32360" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2008/2899" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/46024" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5983" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/2899" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46024" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3815" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3815" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5983" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/475156" }, { "trust": 0.2, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/16163/" }, { "trust": 0.1, "url": "http://secunia.com/binary_analysis/sample_analysis/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/16164/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/6115/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/32360/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/product/6102/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3817" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html." 
}, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html," }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3815" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt." }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt?psrtdcat20e2" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/docs/security/asa/asa80/configuration/guide/aaa.html#wp1069492" }, { "trust": 0.1, "url": "http://www.cisco.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3816" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2" }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml." 
}, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" } ], "sources": [ { "db": "VULHUB", "id": "VHN-33940" }, { "db": "BID", "id": "31864" }, { "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "db": "PACKETSTORM", "id": "71191" }, { "db": "PACKETSTORM", "id": "71146" }, { "db": "NVD", "id": "CVE-2008-3815" }, { "db": "CNNVD", "id": "CNNVD-200810-400" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-33940" }, { "db": "BID", "id": "31864" }, { "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "db": "PACKETSTORM", "id": "71191" }, { "db": "PACKETSTORM", "id": "71146" }, { "db": "NVD", "id": "CVE-2008-3815" }, { "db": "CNNVD", "id": "CNNVD-200810-400" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-10-23T00:00:00", "db": "VULHUB", "id": "VHN-33940" }, { "date": "2008-10-22T00:00:00", "db": "BID", "id": "31864" }, { "date": "2008-11-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "date": "2008-10-23T23:36:06", "db": "PACKETSTORM", "id": "71191" }, { "date": "2008-10-22T22:50:17", "db": "PACKETSTORM", "id": "71146" }, { "date": "2008-10-23T22:00:01.137000", "db": "NVD", "id": "CVE-2008-3815" }, { "date": "2008-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-400" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-29T00:00:00", "db": "VULHUB", "id": "VHN-33940" }, { "date": "2008-10-22T19:56:00", "db": "BID", "id": "31864" }, { "date": "2008-11-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001891" }, { "date": "2017-09-29T01:31:52.553000", "db": "NVD", "id": "CVE-2008-3815" }, { "date": "2009-03-04T00:00:00", "db": "CNNVD", "id": "CNNVD-200810-400" } ] }, "threat_type": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-400" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX/ASA In VPN Vulnerability that bypasses authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001891" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-200810-400" } ], "trust": 0.6 } }
var-201101-0314
Vulnerability from variot
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. The issue is tracked as Bug ID CSCti24526. By sending a large number of RA messages with different source addresses, a third party may be able to interfere with service operation (CPU resource consumption and device hang). The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. Multiple vendors' products are prone to an IPv6-related denial-of-service vulnerability. A remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. This security advisory is released because Microsoft does not want to fix the issue. Cisco did so for its IOS and ASA within 3 months.
Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
Vendors: Cisco, Juniper, Microsoft, FreeBSD. Affected Products: All Cisco IOS ASA with firmware < November 2010; all Netscreen versions; all Windows versions; all FreeBSD versions. Vulnerability: ICMPv6 Router Announcement flooding denial of service. Severity: 7.8 (CVE CVSS Score), local network. CVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669
Update Section:
05 April 2011 Initial release
Overview:
When flooding the local network with random router advertisements, hosts and routers update the network information, consuming all available CPU resources, making the systems unusable and unresponsive. As IPv6 and autoconfiguration are enabled by default, all are affected in their default configuration. For Windows, a personal firewall or similar security product does not protect against this attack.
Note: Microsoft does not want to fix this security issue for their products.
Impact:
Updating the routing tables and configuring IPv6 addresses take up all available CPU resources. Routers and firewalls do not forward traffic.
The denial of service is in effect until the flooding is terminated.
The exact impact depends on the affected system type: Cisco: 100% traffic loss with autoconfiguration active, 80% without. Netscreen: Only affected when the interface is configured as host; traffic is forwarded until the neighbor information times out, then the traffic is lost. Windows: 100% CPU, 100% RAM. FreeBSD: 100% CPU; additionally, IPv6 support can occasionally be lost until reboot. Old Linux kernels are also affected; detailed version information is unknown.
Description:
On IPv6 networks, hosts automatically find out about available routers via ICMPv6 router announcements which are sent by the routers. Additionally, router announcements are used to replace DHCP by the so-called autoconfiguration feature.
Windows and FreeBSD - like all modern operating systems - enable IPv6 and autoconfiguration by default and are thereby vulnerable. A personal firewall will not protect against this attack.
If a system receives a router announcement of a new router, it updates its routing table with the new router, and if the autoconfiguration flag is set on the announcement (and the host is configured to configure its IPv6 address by this mechanism), the host chooses an IPv6 address from the announced network space.
If a network is flooded with random router announcements, systems scramble to update their routing tables and configure IPv6 addresses.
Exploit:
Flood the network with router advertisements coming from different routers and announcing different network prefixes.
A tool to test for this vulnerability is included in the thc-ipv6 package, called flood_router6.
Solution:
Cisco: IOS fix CSCti24526, ASA fix CSCti33534. Linux: fixed prior to 2010. Netscreen: Juniper waiting for IETF results for how to fix the issue. FreeBSD: unknown. Windows: Microsoft made clear that they do not plan to issue a fix for this security issue.
Workaround:
The processing of router announcements must be disabled. Please consult your system manual on how to do this for your affected platform. Alternatively, disable IPv6.
Vendor communication:
10 July 2010 Microsoft informed
10 July 2010 Cisco informed
01 August 2010 Cisco confirms problem, announces fix for October
12 August 2010 Microsoft confirms vulnerability, states no fix will be supplied.
22 November 2010 Cisco confirms fixes are available and started to be deployed in current firmwares
28 December 2010 vendor-sec informed (among other issues)
05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks before)
20 February 2011 Juniper informed
09 March 2011 Juniper confirms problem
01 April 2011 Juniper informs that they work with the IETF to develop a standard method to cope with this and similar attacks.
Contact:
Marc Heuse mh@mh-sec.de http://www.mh-sec.de
The information provided is released "as is" without warranty of any kind. The publisher disclaims all warranties, either express or implied, including all warranties of merchantability. No responsibility is taken for the correctness of this information. In no event shall the publisher be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the publisher has been advised of the possibility of such damages.
The contents of this advisory are copyright (c) 2010,2011 by Marc Heuse and may be distributed freely provided that no fee is charged for the distribution and proper credit is given.
-- Marc Heuse www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201101-0314", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ios 12.2", "scope": null, "trust": 8.7, "vendor": "cisco", "version": null }, { "model": "ios 12.3", "scope": null, "trust": 6.9, "vendor": "cisco", "version": null }, { "model": "ios 12.0", "scope": null, "trust": 6.3, "vendor": "cisco", "version": null }, 
{ "model": "ios 12.1", "scope": null, "trust": 5.1, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s", "scope": null, "trust": 4.8, "vendor": "cisco", "version": null }, { "model": "ios 12.0 w5", "scope": null, "trust": 4.2, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s", "scope": null, "trust": 3.9, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e", "scope": null, "trust": 3.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t", "scope": null, "trust": 3.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s1", "scope": null, "trust": 3.0, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e1", "scope": null, "trust": 2.4, "vendor": "cisco", "version": null }, { "model": "ios 12.2 b", "scope": null, "trust": 2.1, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s6", "scope": null, "trust": 2.1, "vendor": "cisco", "version": null }, { "model": "ios 12.4", "scope": null, "trust": 2.1, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s4", "scope": null, "trust": 2.1, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e3", "scope": null, "trust": 1.8, "vendor": "cisco", "version": null }, { "model": "ios 12.1 t", "scope": null, "trust": 1.8, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s7", "scope": null, "trust": 1.8, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0.8" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2.4" }, { "model": 
"adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2.3" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0.7" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.2.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.2.1" }, { "model": "ios 12.0 s3", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ec", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s8", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ex", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s5", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xe", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t8", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sv1", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s2", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea1", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t4", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 12.0 st", "scope": null, "trust": 1.5, "vendor": "cisco", "version": null }, { "model": "ios 11.2", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bx", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e12", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": 
"ios 12.4 t", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.0 t", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.1 dc2", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.3 ja", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ew", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ey", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(5\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.2\\(2\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.19\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.17\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.14\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.0.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.1.4" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": 
"7.2\\(2.15\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(6.7\\)" }, { "model": "5500 series adaptive security appliance", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1\\(2.49\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(1.22\\)" }, { "model": "asa 5500", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(5.2\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1\\(5\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.5\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.16\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(0\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.4" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.8\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.18\\)" }, { 
"model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(1\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.10\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.4.3" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1\\(2.5\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(4\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.48\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.0.4" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1\\(2\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1\\(2.48\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.2\\(1\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.0.3" }, { "model": "adaptive security appliance software", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "8.2\\(3\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.2\\(2.7\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.0.5" }, { 
"model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "8.0" }, { "model": "pix security appliance", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0.6" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.0\\(2\\)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "7.1\\(2.27\\)" }, { "model": "ios 12.1 e8", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 11.2 p", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sw", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.1 db1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bc1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e4", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.0 st1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.3 ja1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.4 t2", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xr", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 11.3", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.1 dc", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ew4", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ewa", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { 
"model": "ios 12.1 e7", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t9", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ja1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.0 st6", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 11.1", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sv", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ja", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e9", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t9", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sx", "scope": null, "trust": 0.9, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance 5500 series", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "lte", "trust": 0.8, "vendor": "cisco", "version": "8.2(3)" }, { "model": "pix security appliance", "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": "asa", "scope": "lt", "trust": 0.6, "vendor": "cisco", "version": "8.2(3)" }, { "model": "pix", "scope": "lt", "trust": 0.6, "vendor": "cisco", "version": "8.2(3)" }, { "model": "ios 12.2 ew3", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 b1", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 11.2 sa6", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 wc1", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea1a", "scope": null, "trust": 0.6, "vendor": "cisco", 
"version": null }, { "model": "ios 12.2 t8", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 11.0", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xe4", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e14", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea2b", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.4 t1", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zl", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s6", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xk", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 se", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 db", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 st2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxa", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xa", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s9", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zk", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 aa", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yf", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t3", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xk2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zd3", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.3 
bc", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e5", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sc", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t3", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 st7", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e6", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ew1", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.4 mr", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xh", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xm4", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xe?", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ew2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zj", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t5", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ec1", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 db2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s8", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xu", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 t2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 11.2 xa", "scope": null, "trust": 0.6, 
"vendor": "cisco", "version": null }, { "model": "ios 12.2 t16", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s4", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ewa3", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s5a", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mc1", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.1 eb", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ew", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "windows xp home sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows vista edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x640" }, { "model": "ios 12.4jk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 cx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zd4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.19)" }, { "model": "ios 12.2 sz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 seb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)9" }, { "model": "ios 12.2 yb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios ca", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.7" }, { "model": "windows xp professional edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { 
"model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(2)" }, { "model": "ios 12.2yr", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xu2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(5)" }, { "model": "ios 12.2 t6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3.3.3" }, { "model": "ios 12.2 sxd6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sw3a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yf4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios 12.1 da3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp embedded sp2 feature pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20070" }, { "model": "ios 12.1 yf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 jx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3ha", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ey3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.0.4" }, { "model": "windows xp tablet pc edition sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "asa series 
adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(3)" }, { "model": "ios 12.0 s8a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista business sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.1 ex3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3jea", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t0a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(31)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(18)" }, { "model": "ios 12.3xw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1 ct", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0wc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0sv", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios aa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.7" }, { "model": "ios 12.1 eb1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sp1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(5.17)" }, { "model": "ios 12.1 ea1e", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition gold itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "ios xf", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.2" }, { "model": "ios 12.3 xi4", 
"scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 11.2sa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios xe", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(14)" }, { "model": "ios 12.2 da4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(14.5)" }, { "model": "ios 12.3jx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 web edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.16)" }, { "model": "ios 12.3 xq1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2.2" }, { "model": "ios 12.1 xi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)12" }, { "model": "ios 12.0 wc3b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1(5)" }, { "model": "ios 12.2 sv2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1(2.48)" }, { "model": "adaptive security appliance software", "scope": "eq", 
"trust": 0.3, "vendor": "valusoft", "version": "7.1" }, { "model": "ios 12.2 fx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp home sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2bx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(18.4)" }, { "model": "windows vista home basic sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2 bc2i", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(1)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)" }, { "model": "ios 12.3 xl3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xe2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp 64-bit edition version", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.0st", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3ys", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(1.2)" }, { "model": "ios 12.2xm", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xa3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": 
"eq", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008x640" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2.4" }, { "model": "ios 12.2 zj2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2seb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxe", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2.19)" }, { "model": "ios 12.2xg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xe3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yq1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios t2", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.3" }, { "model": "ios 12.2yd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ios 12.1 eo3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ewa2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(6)" }, { "model": "ios 12.2 xq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 bc2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3.4.2" }, { "model": "ios 12.3yd", 
"scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios xc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.2" }, { "model": "ios 12.0xn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2(11)" }, { "model": "ios 12.2 sbc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 dc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.3" }, { "model": "ios 12.2bc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.0.5" }, { "model": "ios 12.2sy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2p", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xe", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios 11.2 gs0.2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server gold standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(5)xv3" }, { "model": "ios 12.0 sv", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": 
"cisco", "version": "55008.2" }, { "model": "windows vista business", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2yk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xm", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xf1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0sp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 da9", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)14" }, { "model": "ios 12.0xe", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition gold web", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "ios 12.1 ea3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server itanium sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios ca", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.15" }, { "model": "ios 12.3 yi1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mx1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp home sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2yb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4 mr1", "scope": null, "trust": 0.3, "vendor": "cisco", 
"version": null }, { "model": "ios 12.2zp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2bw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 15.0 m1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t11", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(1)" }, { "model": "ios 12.4xk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 yu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista ultimate 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2 ey3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios/700", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.35)" }, { "model": "windows vista december ctp gold", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "ios 12.2eu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server gold compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 yw3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.39)" }, { "model": "ios 12.2 ze", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xt", "scope": null, "trust": 0.3, 
"vendor": "cisco", "version": null }, { "model": "windows server standard edition gold datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2" }, { "model": "ios 12.3 yi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios aa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.15" }, { "model": "ios 12.3bw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xb15", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 da3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista home premium sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3yg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2za", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.10" }, { "model": "ios 12.3t", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.2" }, { "model": "windows vista home premium 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ios 12.2 s10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 cx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2zc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 
0.3, "vendor": "valusoft", "version": "7.2(2.14)" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server sp1 platform sdk", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server enterprise edition itanium sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "windows server sp2 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.2sw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2da", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios ia", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.16" }, { "model": "ios 12.0ev", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 x64-datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1(2.49)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)" }, { "model": "windows server enterprise edition itanium sp2 itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 ea6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp professional edition sp3", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "windows rc", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { 
"model": "ios 12.2 xk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista home premium", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1" }, { "model": "ios 12.3 xg2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xd1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4(1)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(5)xv5" }, { "model": "ios 12.1 e20", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sl2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 15.0 xa5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(4)" }, { "model": "ios 12.0sc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xy5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e15", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)16" }, { "model": "ios 12.1 ec3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mb3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": 
null }, { "model": "ios 12.3xu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2(17)" }, { "model": "ios 12.0 wt6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios xd", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)10" }, { "model": "ios 12.2yz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 15.0m", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2 p2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea2a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 eu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xh3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e16", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ewa1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zh3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 t9", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(16)" }, { "model": "windows server web edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2ys", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 enterprise edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(23.6)" }, { "model": "ios 12.2 xi", "scope": null, "trust": 0.3, "vendor": 
"cisco", "version": null }, { "model": "ios 12.2zj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 w5-32a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(12)" }, { "model": "ios 12.0 w5-27d", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2ex", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xm2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sl9", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)24" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3.4.3" }, { "model": "ios 12.3 yg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.15)" }, { "model": "windows beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "ios 12.2 dd3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xm", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition release candidate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.1 ea2c", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition sp2 web", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "ios 12.2 so4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4 xb", "scope": null, "trust": 0.3, "vendor": "cisco", 
"version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(5)xv4" }, { "model": "ios 12.2 da2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2ym", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 yx1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software interim", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.8" }, { "model": "ios 12.2xq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2cz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(16)" }, { "model": "windows xp gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "-x64" }, { "model": "ios 12.2 da", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(11)" }, { "model": "windows vista home premium 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2xf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sc3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sec1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios ia", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.9" }, { "model": "windows server gold datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 zh8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 wc3", "scope": null, "trust": 0.3, "vendor": "cisco", 
"version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(5)" }, { "model": "ios 12.3 xc2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(2)17" }, { "model": "ios 12.2 zo", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3ya", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xb11", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(10)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(9)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0xv" }, { "model": "ios 11.1 cc2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 st3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2zb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 wx5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "ios 12.2 jk5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0dc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2tpc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xb3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { 
"model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.40)" }, { "model": "ios 12.2 mb13c", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yh3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4jx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server datacenter edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "windows server r2 datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios 12.3yh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e18", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 seb3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4 xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server sp1 compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows xp 64-bit edition", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.4 t3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2gs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s14", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xc4", "scope": null, "trust": 0.3, "vendor": "cisco", 
"version": null }, { "model": "ios 12.2 xs1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(12)" }, { "model": "ios 12.0 xn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea1b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(21)" }, { "model": "ios 12.2yf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e17", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(13)" }, { "model": "ios 12.2 zl1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server gold x64-datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.4" }, { "model": "ios 12.3yx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1 ia", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2by", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3 t2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 b2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.6" }, { "model": "ios 12.3 yf4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bp", 
"scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.2.1" }, { "model": "ios 12.2 sz2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yt1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ez", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dream poll final", "scope": "eq", "trust": 0.3, "vendor": "dreamlevels", "version": "3.0" }, { "model": "ios 12.1 xf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0.17" }, { "model": "windows server for itanium-based systems r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios ia", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.13" }, { "model": "ios 12.2 t14", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1" }, { "model": "windows vista december ctp", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server for itanium-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios 12.2 sec2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ya9", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0da", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 b", "scope": 
null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 ym4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.6" }, { "model": "ios 12.2sxa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3 t1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 t3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2ez", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios ct", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.17" }, { "model": "ios 12.4xl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sxb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server enterprise edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "ios 12.2 yy3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xy6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xd2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios bc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.10" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3.16" }, { "model": "ios aa", "scope": "eq", "trust": 0.3, 
"vendor": "cisco", "version": "11.1.16" }, { "model": "ios 12.3 xc3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2fy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(2.1)" }, { "model": "ios 12.2s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2pb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sxf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.7" }, { "model": "ios 12.2 yc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2jk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 za", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mc2e", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.2" }, { "model": "ios 12.2xj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 da1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3jk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(7)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3" }, { "model": "ios", 
"scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(4)" }, { "model": "ios 12.1 xi8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios bt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0.17" }, { "model": "ios 12.0 st4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 jk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.10)" }, { "model": "ios 12.2 yy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "ios 12.4jda", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1(2.27)" }, { "model": "ios 12.0 sz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xe2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "15.0" }, { "model": "ios 12.3 yw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software interim", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.2.2" }, { "model": "windows vista beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2" }, { "model": "ios 11.1ca", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios w", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.1" }, { "model": "ios 12.3xt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security 
appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.5" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(5.15)" }, { "model": "ios p", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.9" }, { "model": "ios 12.0 wc9", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 w5-30b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios f1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.4" }, { "model": "ios 12.3 jk1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yd6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)28" }, { "model": "ios 12.1 xr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xr", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(22)" }, { "model": "windows server datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "ios 12.2 xg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0" }, { "model": "ios 12.2yv", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": 
"7.0(6.7)" }, { "model": "ios 12.2 xi2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(2.13)" }, { "model": "ios 12.4xd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 bc6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0wx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 by2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 datacenter edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "windows server gold x64-enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.4md", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server enterprise edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 t4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(27)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(3)" }, { "model": "ios 12.2 ewa4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 st5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": 
null }, { "model": "ios 12.2 ew5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "ios 12.3 yh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2zg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 fc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server for x64-based systems r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios f", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.4" }, { "model": "ios 12.3xz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mb12", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server datacenter edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "ios 12.1 xp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp tablet pc edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.4xj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)15" }, { "model": "ios 12.3 xc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(1.16)" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.44)" }, { "model": "ios", "scope": "eq", "trust": 
0.3, "vendor": "cisco", "version": "12.0.4" }, { "model": "ios 12.1 ay", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios 12.3 xi7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp professional sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2.3" }, { "model": "ios 12.3 xh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition sp2 hpc", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(27)" }, { "model": "ios cc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.17" }, { "model": "ios 12.2 xd3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.7" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.7)" }, { "model": "ios 12.1 xu1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(5)xv" }, { "model": "windows vista ultimate", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2mc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea5a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, 
"vendor": "cisco", "version": "8.0(4)23" }, { "model": "ios 12.2sx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0(5)" }, { "model": "ios 12.2 pi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 yd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp gold home", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2 b2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zj1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sw4a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0.20.3" }, { "model": "windows server gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2su", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista december ctp sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0(12)" }, { "model": "ios t7", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1" }, { "model": "ios 12.3 xg4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xm", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 t12", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xt3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": 
"windows server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios 12.1 da2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s15", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 se3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios bt", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0.12" }, { "model": "ios 11.3db", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios ca", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.13" }, { "model": "ios 12.2 zb7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xn1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)22" }, { "model": "ios 12.2 sy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.15" }, { "model": "ios 12.2sh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(12)" }, { "model": "ios 12.3 ya1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2pi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp gold embedded", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.0wt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yb5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": 
"ios 12.1 ev01", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)4" }, { "model": "ios 12.2yc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sv", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sl1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios aa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.13" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)5" }, { "model": "ios 12.3xr", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2bz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xs2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 yw2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xm", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0t", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)1" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(1.10)" }, { "model": "ios 12.2 t5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server datacenter edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.2zf", "scope": null, "trust": 0.3, "vendor": "cisco", 
"version": null }, { "model": "windows server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.8)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(13)" }, { "model": "ios 11.2 bc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xk3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xi3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.8" }, { "model": "ios 12.0 wx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3bc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1m", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(1.5)" }, { "model": "windows vista business 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows vista home premium 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.0 sl4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sx1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4.28)" }, { "model": "windows xp embedded sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2zi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", 
"scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(24)" }, { "model": "ios 12.2 bc3c", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server datacenter edition itanium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 cz3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista business 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.0 e", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t17", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista enterprise 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3jec", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server sp1 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 sxb8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 yp1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2xv" }, { "model": "ios 12.0 xk3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(23)" }, { "model": "ios 12.3xi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxe1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(28)" }, { "model": "ios 12.0xm", 
"scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(1)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2(16)" }, { "model": "ios 12.2 xa5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2.3)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(7)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(5)" }, { "model": "ios 12.1 bc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s4a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sv2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.3 yj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp gold 64-bit-2002", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 11.3ma", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista ultimate 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(2.10)" }, { "model": "ios 12.2 sv3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista enterprise 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ios 12.3 b5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server web edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": 
"2003" }, { "model": "ios 12.1x", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4jma", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3ja", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yk1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2zm", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 yz2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(16)" }, { "model": "ios 12.1 ea6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.17)" }, { "model": "ios 12.2cx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1ay", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 bc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xh2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xi1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows for itanium-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "ios 12.3 xy4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxd4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)6" }, { "model": "windows xp gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ios 12.2 sxe3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2f", "scope": null, "trust": 0.3, 
"vendor": "cisco", "version": null }, { "model": "ios 12.2xz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(4.44)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(14)" }, { "model": "ios t", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.3.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(24)" }, { "model": "ios 12.2zo", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.5)" }, { "model": "ios 12.2 ya7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xm1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yk2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3xg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ya1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sy1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2ey", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xs", "scope": null, "trust": 0.3, "vendor": "cisco", 
"version": null }, { "model": "ios 12.2 za2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2" }, { "model": "windows server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server enterprise edition itanium sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server gold enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2dd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xr3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.0 xf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios s", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.4" }, { "model": "ios 11.3xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista business 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "ios 12.2 za8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0w5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2bc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": 
"cisco", "version": "11.1(18)" }, { "model": "ios 12.3 bc7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ec2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(17)" }, { "model": "ios 12.3 xg5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 seb2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1(2)" }, { "model": "ios 12.2 xk2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp media center edition sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.0 yb4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(8)" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2(4)" }, { "model": "windows server enterprise edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1" }, { "model": "ios 12.4jmb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2so", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(28)" }, { "model": "windows xp media center edition", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "ios 12.3 yq3", "scope": 
null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xp4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2.1" }, { "model": "ios 12.2 xb14", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 15.0 xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server gold storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows xp mode", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "windows vista home premium sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2 xt3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(8)" }, { "model": "ios 12.3 yl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t12", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1ia", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4mr", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios xg", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.2" }, { "model": "windows xp embedded", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.0xi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista home basic 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2sa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition 
sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.1 ya2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4xv" }, { "model": "windows vista business sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.37)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1.2" }, { "model": "ios 12.2 seb4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 eu2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 t7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition gold hpc", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows server gold x64-standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.3 yr", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ex2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xf5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yf2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(19)" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(5.1)" }, { "model": "ios 11.2 gs6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2dx", "scope": null, "trust": 0.3, 
"vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.1.4" }, { "model": "ios 12.3 ja5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 ys", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 dx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 15.0 xa1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(9)" }, { "model": "ios 12.0 wc2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 e10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ys/1.2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1 cc4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xe", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server sp2 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 jk4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista enterprise sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.1 ez1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4t", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(12.05)" }, { "model": "ios 12.2ye", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yg1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 
12.3 xk4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(22)" }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008x64" }, { "model": "ios 12.2 ya8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yi1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 eo1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bc2f", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp gold professional", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows xp tablet pc edition", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows professional", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "ios 12.2 sxb10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": "ios 12.0xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(3)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)25" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.1" }, { "model": "ios 12.1 ya", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.3.1" }, { "model": "ios 12.2xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", 
"version": "12.3(7.7)" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.46)" }, { "model": "ios 11.3 xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xi", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0sl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server itanium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.3 yi3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 eo", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.29)" }, { "model": "windows server datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios 12.0 sv1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 b3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 x64-enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0(5.2)" }, { "model": "ios 12.0sy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", 
"version": "55008.0(5.6)" }, { "model": "ios 12.0 st8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "ios 12.1 xz7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea4a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 fy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3 db2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(17)" }, { "model": "windows xp embedded sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows vista ultimate 64-bit edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server datacenter edition release candidate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.2ew", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios/700", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1.2" }, { "model": "ios 12.3yr", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(19)" }, { "model": "ios 12.4sw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(3.2)" }, { "model": "ios 11.3da", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios ed", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.3.1" }, { "model": "ios 12.2yh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { 
"model": "ios 12.2 sxd1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sxe", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp professional", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.4 xb2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ys", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows home premium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "ios 12.3ye", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3 b1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xb4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.48)" }, { "model": "windows server r2 enterprise edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios 12.2mb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xr4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp media center edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3 xa4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows starter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "windows vista december ctp sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "pix/asa", "scope": 
"eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)14" }, { "model": "ios 12.1 xz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server sp2 datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server standard edition gold standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(13)" }, { "model": "windows vista home basic sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2xh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition sp2 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows vista sp2 beta", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3xy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 t15", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 da8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1ct", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xm7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.4xf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2 xaf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 15.0 m2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 wc5a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4(8)" }, { 
"model": "windows vista ultimate sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2sxd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 da1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ya11", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition gold storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "ios 12.2ya", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(26)" }, { "model": "ios 12.2 sxd5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s13", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(10)" }, { "model": "ios 12.2 ey2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1.0" }, { "model": "ios 12.2 jk2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.1(2.5)" }, { "model": "windows vista enterprise sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios a", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3.19" }, { "model": "ios 12.3yc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp professional sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2 xb", "scope": null, "trust": 0.3, "vendor": 
"cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3xx" }, { "model": "windows server r2 datacenter edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios 12.2 zh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3xv" }, { "model": "ios 12.2xb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0db", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 yv", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(17)" }, { "model": "ios 12.2 xa1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yj", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0(0)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(9)" }, { "model": "ios 12.2 tpc10a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20080" }, { "model": "ios 12.0sx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 ys1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sy03", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista home basic 64-bit edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "ios 12.2yx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": 
null }, { "model": "ios 12.2 ya10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(16)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.1" }, { "model": "windows vista enterprise 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2sz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server enterprise edition itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios 12.2 ex", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista home basic", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2zh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(1.22)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(5)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)7" }, { "model": "ios 12.0s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xf4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 t1a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista december ctp", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2" }, { "model": "ios 12.3xb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server enterprise edition itanium sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows 
server standard edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(20)" }, { "model": "ios 12.0 wc13", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 eo1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yu", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2zl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.13" }, { "model": "ios 12.2xr", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" }, { "model": "ios 12.2zk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxd7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2" }, { "model": "ios 12.3 xa5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 t1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "ios 12.2 sz1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server gold itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server datacenter edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.0 xs?", "scope": null, "trust": 0.3, 
"vendor": "cisco", "version": null }, { "model": "ios 12.3 t10", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yh", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1sec", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4" }, { "model": "windows server standard edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "windows server enterprise edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios sa3", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.8" }, { "model": "ios 12.3 xr6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 storage", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 11.2wa4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(11)" }, { "model": "ios 12.2ze", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2cy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ya", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4(5)" }, { "model": "windows xp 64-bit edition version sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 sw4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 xe1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, 
{ "model": "windows server standard edition gold enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "ios 12.3 yn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sed", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yg3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "ios 12.2sea", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bc1a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xg1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp tablet pc edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2yy", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition gold", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008-" }, { "model": "windows server r2 platfom sdk", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3.3.4" }, { "model": "windows vista ultimate sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2t", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xw1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp embedded update rollup", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1.0" }, { "model": "ios 12.0 xs", 
"scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sxb7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.8" }, { "model": "windows ultimate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "70" }, { "model": "ios 12.3 tpc11a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server standard edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.2 t7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)13" }, { "model": "ios 11.2wa3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0x" }, { "model": "ios 12.1 t4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xd1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ey", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.1 ez2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(5.2)" }, { "model": "ios 12.2mx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive 
security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(4.38)" }, { "model": "windows vista home basic 64-bit edition sp2", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3ym", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1(14)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0.4.3" }, { "model": "windows server datacenter edition itanium sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "windows server for x64-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.2 su2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2sec", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(5.19)" }, { "model": "ios 12.3 xl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2fx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(12)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)2" }, { "model": "ios 12.0xp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2 t2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 yc2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1 aa4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yf2", "scope": null, 
"trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ew3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp home", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.3xk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server web edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.3yq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2)" }, { "model": "windows server itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2.5" }, { "model": "windows xp service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "30" }, { "model": "ios 12.2zd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4xe", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 t6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server r2 datacenter", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.3 yq4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server sp2 compute cluster", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 11.1 ca2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yf3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { 
"model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(1.15)" }, { "model": "ios 12.2yn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(6)" }, { "model": "ios 11.1aa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.4 t4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ex4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xy6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ea1c", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3xd", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2zq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xm", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3wa4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp gold tablet pc", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2sbc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1" }, { "model": "ios 12.0 xp", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(2)" }, { "model": "ios 12.1 yb4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0" }, { "model": "adaptive security appliance 
software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.0.3" }, { "model": "windows xp professional edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "ios xb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(3)" }, { "model": "ios 11.3 db1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.14" }, { "model": "ios 12.3yf", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 xu2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 s7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xd4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2ewa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 xg5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp professional sp3", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4(7)" }, { "model": "ios 12.2 xe", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3t", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3" }, { "model": "ios 12.3xs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": 
"7.0(4)" }, { "model": "ios 12.2ja", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista home basic 64-bit edition sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "x64" }, { "model": "ios sa1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.8" }, { "model": "windows server enterprise edition release candidate", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "ios 12.2 xl4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(1.1)" }, { "model": "ios 12.4ja", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 ew2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.0(7)xv" }, { "model": "ios 12.1 yd2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows vista home basic 64-bit edition", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ios 12.2 t15", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xc1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0(18)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.2(18.2)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)15" }, { "model": "windows", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "ios 12.2xk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s2a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3jeb", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": 
"ios 12.3 yu1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2zn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2(18)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.0(2)" }, { "model": "ios 12.2 zg", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0" }, { "model": "ios 12.0sz", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)19" }, { "model": "ios 12.3xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 s3b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3 yt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 ca1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2se", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3yk", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3na", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.1(2.45)" }, { "model": "windows xp gold media center", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server r2 x64-standard", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios m", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "15.0" }, { "model": "ios 12.2 ez1", "scope": null, 
"trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bc2h", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 sl6", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1 ca4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.0" }, { "model": "ios 12.2xt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4(3)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(4.9)" }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.2(2.17)" }, { "model": "ios 12.2 xe3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mb13b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 mc2c", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(11)" }, { "model": "ios 11.2 p5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.3aa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yo", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 xt", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" }, { "model": "ios 12.1 ea2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 sx", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": 
"windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server datacenter edition itanium", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20030" }, { "model": "ios 12.2 b4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.4(23)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.3(15)" }, { "model": "ios 12.0 wc2b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12.1(19)" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "8.2.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "valusoft", "version": "7.2(2.18)" }, { "model": "ios 12.1 e13", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp embedded sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "windows server sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003x64" }, { "model": "windows vista beta", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.2 xj1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios ia", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.1.15" }, { "model": "windows vista enterprise", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios 12.4jl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yw", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2xn", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 aa1", "scope": null, "trust": 0.3, "vendor": 
"cisco", "version": null }, { "model": "ios 12.2 eu1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0 db2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 bc1f", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.3tpc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2yq", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server sp2 enterprise", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios 12.3 xk1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows xp media center edition sp1", "scope": null, "trust": 0.3, "vendor": "microsoft", "version": null }, { "model": "ios sa5", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.2.8" }, { "model": "ios 12.2 by", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.2xa", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.1 t1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 11.1cc", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa series adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55008.0(5.7)" }, { "model": "ios 12.3 yg2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.0xs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ios 12.2 zj3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server datacenter edition sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2003" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": 
"12.0(12)" }, { "model": "ios 12.2 xl", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "windows server web edition sp1 beta", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20031" }, { "model": "ios 12.2 xs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-0139" }, { "db": "BID", "id": "45760" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "db": "NVD", "id": "CVE-2010-4670" }, { "db": "CNNVD", "id": "CNNVD-201101-030" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2\\(3\\)", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(0\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(4\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(5.2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(6.7\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8:interim:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\\(2.5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\\(2.27\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\\(2.48\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\\(2.49\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(1.22\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.7\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.8\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.10\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.14\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.15\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.16\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.17\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.18\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.19\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\\(2.48\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:interim:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:5500_series_adaptive_security_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:asa_5500:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix_security_appliance:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-4670" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "vanHauser", "sources": [ { "db": "BID", "id": "45760" } ], "trust": 0.3 }, "cve": "CVE-2010-4670", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2010-4670", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-47275", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-4670", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201101-030", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-47275", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-47275" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "db": "NVD", "id": "CVE-2010-4670" }, { "db": "CNNVD", "id": "CNNVD-201101-030" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. This issue is tracked as Bug ID CSCti24526. By sending a large number of RA messages with different source addresses, a third party may disrupt service operation (CPU resource consumption and device hang). The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. Multiple vendors\u0027 products are prone to an IPv6-related denial-of-service vulnerability. \nA remote attacker can exploit this issue to make affected computers and devices unresponsive, denying service to legitimate users. This security advisory is released because Microsoft doesnt want to fix\nthe issue. Cisco did for its IOS and ASA within 3 months. 
\n\n\n________________________________________________________________________\n\nTitle: ICMPv6 Router Announcement flooding denial of service affecting\nmultiple systems\nDate: 05 April 2011\nURL: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt\n\n________________________________________________________________________\n\nVendors: Cisco, Juniper, Microsoft, FreeBSD\nAffected Products: All Cisco IOS ASA with firmware \u003c November 2010\n All Netscreen versions\n All Windows versions\n All FreeBSD version\nVulnerability: ICMPv6 Router Announcement flooding denial of service\nSeverity: 7.8 (CVE CVSS Score), local network\nCVEs: CVE-2010-4670, CVE-2010-4671, CVE-2010-4669\n\n________________________________________________________________________\n\nUpdate Section:\n\n 05 April 2011\n Initial release\n\n________________________________________________________________________\n\nOverview:\n\n When flooding the local network with random router advertisements,\n hosts and routers update the network information, consuming all\n available CPU resources, making the systems unusable and unresponsive. \n As IPv6 and autoconfiguration are enabled by default, all are\n affected in their default configuration. \n For Windows, a personal firewall or similar security product does not\n protect against this attack. \n\n Note: Microsoft does not want to fix this security issue for their\n products. \n\n\nImpact:\n\n Updating the routing tables and configuring IPv6 addresses take up\n all available CPU resources. \n Routers and firewalls do not forward traffic. \n\n The denial of service is in affect until the flooding is terminated. \n\n The exact impact differs from the affected system type:\n Cisco: 100% traffic loss with autconfiguration active, 80% without. 
\n Netscreen: Only affected when the interface is configured as host, traffic\n is forwarded until the neighbor information times out, then the traffic\n is lost\n Windows: 100% CPU, 100% RAM\n FreeBSD: 100% CPU, additionally IPv6 support can be lost until reboot\n occasionally. \n Old Linux kernels are also affected, detailed version information unknown. \n\n\nDescription:\n\n On IPv6 networks, hosts automatically find out about available\n routers via ICMPv6 router announcements which are sent by the\n routers. Additionally, router announcements are used to replace\n DHCP by the so called autoconfiguration feature. \n\n Windows and FreeBSD - like all modern operating systems - enable\n IPv6 and autoconfiguration by default and are thereby vulnerable. \n A personal firewall will not protect against this attack. \n\n If a system receives a router announcement of a new router, it\n updates its routing table with the new router, and if the\n autoconfiguration flag is set on the announcement (and the host\n is configured to configure its IPv6 address by this mechanism),\n the host chooses an IPv6 address from the announced network space. \n\n If a network is flooded with random router announcements, systems\n scramble to update their routing tables and configure IPv6\n addresses. \n\n\nExploit:\n\n Flood the network with router advertisements coming from different\n routers and announcing different network prefixes. \n\n A tool to test for this vulnerability is included in the thc-ipv6\n package, called flood_router6. \n\n\nSolution:\n\n Cisco: IOS fix CSCti24526 , ASA fix CSCti33534\n Linux: fixed prior 2010\n Netscreen: Juniper waiting for IETF results for how to fix the issue\n FreeBSD: unknown\n Windows: Microsoft made clear that they do not plan to issue a\n fix for this security issue. \n\n\nWorkaround:\n\n The processing of router announcements must be disabled. \n Please consult your system manual on how to do this for your\n affected platform. 
\n Alternatively, disable IPv6. \n\n\n________________________________________________________________________\n\nVendor communication:\n\n 10 July 2010 Microsoft informed\n\n 10 July 2010 Cisco informed\n\n 01 August 2010 Cisco confirms problem, announces fix for October\n\n 12 August 2010 Microsoft confirms vulnerability, states no fix\n will be supplied. \n\n 22 November 2010 Cisco confirms fixes are available and started to\n be deployed in current firmwares\n\n 28 December 2010 vendor-sec informed (among other issues)\n\n 05 February 2011 FreeBSD informed (made aware via vendor-sec 5 weeks\n before)\n\n 20 February 2011 Juniper informed\n\n 09 March 2011 Juniper confirms problem\n\n 01 April 2011 Juniper informs that they work with the IETF to\n develop a standard method to cope with this and\n similar attacks. \n\n________________________________________________________________________\n\nContact:\n\nMarc Heuse\nmh@mh-sec.de\nhttp://www.mh-sec.de\n\n________________________________________________________________________\n\nThe information provided is released \"as is\" without warranty of\nany kind. The publisher disclaims all warranties, either express or\nimplied, including all warranties of merchantability. \nNo responsibility is taken for the correctness of this information. \nIn no event shall the publisher be liable for any damages whatsoever\nincluding direct, indirect, incidental, consequential, loss of\nbusiness profits or special damages, even if the publisher has been\nadvised of the possibility of such damages. \n\nThe contents of this advisory is copyright (c) 2010,2011 by Marc Heuse\nand may be distributed freely provided that no fee is charged for\nthe distribution and proper credit is given. 
\n\n________________________________________________________________________\n\n--\nMarc Heuse\nwww.mh-sec.de\n\nPGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A\n", "sources": [ { "db": "NVD", "id": "CVE-2010-4670" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "db": "CNVD", "id": "CNVD-2011-0139" }, { "db": "BID", "id": "45760" }, { "db": "VULHUB", "id": "VHN-47275" }, { "db": "PACKETSTORM", "id": "100127" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4670", "trust": 3.5 }, { "db": "BID", "id": "45760", "trust": 1.4 }, { "db": "SECTRACK", "id": "1024963", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2011-003931", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201101-030", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2011-0139", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "100127", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-47275", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-0139" }, { "db": "VULHUB", "id": "VHN-47275" }, { "db": "BID", "id": "45760" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "db": "PACKETSTORM", "id": "100127" }, { "db": "NVD", "id": "CVE-2010-4670" }, { "db": "CNNVD", "id": "CNNVD-201101-030" } ] }, "id": "VAR-201101-0314", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2011-0139" }, { "db": "VULHUB", "id": "VHN-47275" } ], "trust": 1.4727584316666666 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-0139" } ] }, "last_update_date": "2023-12-18T12:10:52.745000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "asarn82", "trust": 0.8, "url": "http://www.cisco.com/en/us/docs/security/asa/asa82/release/notes/asarn82.pdf" }, { "title": "Neighbor Discovery Protocol in the IPv6 stack on the Cisco Adaptive Security Appliances (ASA) 5500 Series appliance and the Cisco PIX Security Appliance implements a vulnerable patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/2563" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-0139" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-47275" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "db": "NVD", "id": "CVE-2010-4670" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.cisco.com/en/us/docs/security/asa/asa82/release/notes/asarn82.pdf" }, { "trust": 2.0, "url": "http://events.ccc.de/congress/2010/fahrplan/events/3957.en.html" }, { "trust": 1.7, "url": "http://mirror.fem-net.de/ccc/27c3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3" }, { "trust": 1.7, "url": "http://mirror.fem-net.de/ccc/27c3/mp4-h264-hq/27c3-3957-en-ipv6_insecurities.mp4" }, { "trust": 1.7, "url": 
"http://www.youtube.com/watch?v=00yjwb6ggy8" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/45760" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id?1024963" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64598" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4670" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4670" }, { "trust": 0.6, "url": "http://www.ciscosystems.com/en/us/docs/ios/15_0/15_0x/15_01_xa/rn800xa.pdfhttp" }, { "trust": 0.3, "url": "http://www.ciscosystems.com/en/us/docs/ios/15_0/15_0x/15_01_xa/rn800xa.pdf" }, { "trust": 0.3, "url": "/archive/1/517351" }, { "trust": 0.1, "url": "http://www.mh-sec.de/downloads/mh-ra_flooding_cve-2010-multiple.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4671" }, { "trust": 0.1, "url": "http://www.mh-sec.de" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4670" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4669" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2011-0139" }, { "db": "VULHUB", "id": "VHN-47275" }, { "db": "BID", "id": "45760" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "db": "PACKETSTORM", "id": "100127" }, { "db": "NVD", "id": "CVE-2010-4670" }, { "db": "CNNVD", "id": "CNNVD-201101-030" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2011-0139" }, { "db": "VULHUB", "id": "VHN-47275" }, { "db": "BID", "id": "45760" }, { "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "db": "PACKETSTORM", "id": "100127" }, { "db": "NVD", "id": "CVE-2010-4670" }, { "db": "CNNVD", "id": "CNNVD-201101-030" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-01-12T00:00:00", "db": "CNVD", "id": 
"CNVD-2011-0139" }, { "date": "2011-01-07T00:00:00", "db": "VULHUB", "id": "VHN-47275" }, { "date": "2011-01-11T00:00:00", "db": "BID", "id": "45760" }, { "date": "2012-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "date": "2011-04-06T16:29:18", "db": "PACKETSTORM", "id": "100127" }, { "date": "2011-01-07T12:00:49.717000", "db": "NVD", "id": "CVE-2010-4670" }, { "date": "2011-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201101-030" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-01-12T00:00:00", "db": "CNVD", "id": "CNVD-2011-0139" }, { "date": "2017-08-17T00:00:00", "db": "VULHUB", "id": "VHN-47275" }, { "date": "2015-03-19T08:46:00", "db": "BID", "id": "45760" }, { "date": "2012-03-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003931" }, { "date": "2023-08-11T19:03:30.373000", "db": "NVD", "id": "CVE-2010-4670" }, { "date": "2011-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201101-030" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201101-030" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco ASA 5500 Series IPv6 of ND Service disruption in protocol implementation (DoS) Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003931" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201101-030" } ], "trust": 0.6 } }
var-200705-0565
Vulnerability from variot
The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. (These two sentences appear to describe the separate LDAP authentication issue, item 1 in the Secunia advisory below, rather than the DHCP relay flaw.) Cisco PIX and ASA are prone to a remote denial-of-service vulnerability because the software fails to properly handle DHCP packets in certain circumstances. Successfully exploiting this issue allows attackers with access to a LAN served by a vulnerable device to consume excessive memory resources. This will eventually cause the device to stop forwarding further packets, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsh50277. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. If a DHCPACK message is received from multiple DHCP servers in response to a DHCPREQUEST or DHCPINFORM message from a DHCP client, it may result in the consumption of a 1550-byte memory block. Once the 1550-byte block memory is completely consumed, the device starts dropping packets and can no longer forward traffic.
TITLE: Cisco PIX and ASA Denial of Service and Security Bypass
SECUNIA ADVISORY ID: SA25109
VERIFY ADVISORY: http://secunia.com/advisories/25109/
CRITICAL: Moderately critical
IMPACT: Security Bypass, DoS
WHERE:
From remote
OPERATING SYSTEM: Cisco Adaptive Security Appliance (ASA) 7.x http://secunia.com/product/6115/ Cisco PIX 7.x http://secunia.com/product/6102/
DESCRIPTION: Some vulnerabilities have been reported in Cisco PIX and ASA, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
1) An unspecified error exists when using the LDAP authentication mechanism, which can be exploited to bypass the authentication and gain access to the device or the network.
Successful exploitation requires that the device uses the Layer 2 Tunneling Protocol (L2TP) and is configured to use LDAP servers with a protocol other than PAP for authentication, or that the device offers remote management access (telnet, SSH, HTTP) and uses an LDAP AAA server for authentication.
2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS.
Successful exploitation requires that the tunnel group is configured with password expiry. In order to exploit this in IPSec VPN connections, an attacker also needs to know the group name and group password.
3) A race condition within the processing of non-standard SSL sessions in the SSL VPN server of Cisco ASA appliances can be exploited to cause the device to reload.
Successful exploitation requires that clientless SSL is used.
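4) [The text of item 4 is missing from this copy; going by the credits below and the description at the top of this entry, it is the DHCP relay agent denial of service.] Successful exploitation requires that devices are configured to use the DHCP relay agent.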
SOLUTION: Apply updated software versions. Please see vendor advisories for details.
PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html
US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057
OTHER REFERENCES: US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0565", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 1.6, "vendor": "cisco", "version": null }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2.2" }, { 
"model": "pix/asa", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.14)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.10)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.15)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "BID", "id": "23763" }, { "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "db": "NVD", "id": "CVE-2007-2461" }, { "db": "CNNVD", "id": "CNNVD-200705-062" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2461" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lisa SittlerGrant Deffenbaugh", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-062" } ], "trust": 0.6 }, "cve": "CVE-2007-2461", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2007-2461", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-25823", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-2461", "trust": 1.8, "value": 
"HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#210876", "trust": 0.8, "value": "2.43" }, { "author": "CARNEGIE MELLON", "id": "VU#530057", "trust": 0.8, "value": "0.64" }, { "author": "CNNVD", "id": "CNNVD-200705-062", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-25823", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25823" }, { "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "db": "NVD", "id": "CVE-2007-2461" }, { "db": "CNNVD", "id": "CNNVD-200705-062" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. Cisco PIX and ASA are prone to a remote denial-of-service vulnerability because the software fails to properly handle DHCP packets in certain circumstances. \nSuccessfully exploiting this issue allows attackers with access to a LAN served by a vulnerable device to consume excessive memory resources. This will eventually cause the device to stop forwarding further packets, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCsh50277. 
PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. If a DHCPACK message is received from multiple DHCP servers in response to a DHCPREQUEST or DHCPINFORM message from a DHCP client, it may result in a block memory consumption of 1550 bytes. Once the 1550-byte block memory is completely consumed, the device will start to drop packets, making it impossible to forward packets. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nCisco PIX and ASA Denial of Service and Security Bypass\n\nSECUNIA ADVISORY ID:\nSA25109\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/25109/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, DoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nCisco Adaptive Security Appliance (ASA) 7.x\nhttp://secunia.com/product/6115/\nCisco PIX 7.x\nhttp://secunia.com/product/6102/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Cisco PIX and ASA, which\ncan be exploited by malicious people to bypass certain security\nrestrictions or cause a DoS (Denial of Service). \n\n1) An unspecified error exists when using the LDAP authentication\nmechanism, which can be exploited to bypass the authentication and\ngain access to the device or the network. 
\n\nSuccessful exploitation requires that the device uses the Layer 2\nTunneling Protocol (L2TP) and is configured to use LDAP servers with\nanother protocol other than PAP for authentication, or that the\ndevice offers remote management access (telnet, SSH, HTTP) and uses\nan LDAP AAA server for authentication. \n\n2) An unspecified error when using VPN connections configured with\npassword expiry can be exploited to cause a DoS. \n\nSuccessful exploitation requires that the tunnel group is configured\nwith password expiry. In order to exploit this in IPSec VPN\nconnections, an attacker also needs to know the group name and group\npassword. \n\n3) A race condition within the processing of non-standard SSL\nsessions in the SSL VPN server of Cisco ASA appliances can be\nexploited to cause the device to reload. \n\nSuccessful exploitation requires that clientless SSL is used. \n\nSuccessful exploitation requires that devices are configured to use\nthe DHCP relay agent. \n\nSOLUTION:\nApply updated software versions. Please see vendor advisories for\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Reported by the vendor. \n4) Lisa Sittler and Grant Deffenbaugh, CERT/CC. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml\n\nhttp://www.cisco.com/en/US/products/products_security_response09186a0080833172.html\nhttp://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html\n\nUS-CERT VU#530057:\nhttp://www.kb.cert.org/vuls/id/530057\n\nOTHER REFERENCES:\nUS-CERT VU#210876:\nhttp://www.kb.cert.org/vuls/id/210876\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-2461" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "db": "BID", "id": "23763" }, { "db": "VULHUB", "id": "VHN-25823" }, { "db": "PACKETSTORM", "id": "56436" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#530057", "trust": 3.7 }, { "db": "BID", "id": "23763", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2007-2461", "trust": 2.8 }, { "db": "SECUNIA", "id": "25109", "trust": 2.7 }, { "db": "SECTRACK", "id": "1018000", "trust": 2.5 }, { "db": "SECTRACK", "id": "1017999", "trust": 2.5 }, { "db": "OSVDB", "id": "35330", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-1635", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#210876", "trust": 0.9 }, { "db": "OSVDB", "id": "35331", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2007-000334", "trust": 0.8 }, { "db": "XF", "id": "34026", "trust": 0.6 }, { "db": "CISCO", "id": "20070502 DHCP RELAY AGENT VULNERABILITY IN CISCO PIX AND ASA APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", 
"id": "CNNVD-200705-062", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-25823", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56436", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25823" }, { "db": "BID", "id": "23763" }, { "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2461" }, { "db": "CNNVD", "id": "CNNVD-200705-062" } ] }, "id": "VAR-200705-0565", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-25823" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:35:24.192000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sr-20070502-pix", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000334" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2461" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "http://www.kb.cert.org/vuls/id/530057" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/23763" }, { "trust": 1.8, "url": 
"http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html" }, { "trust": 1.7, "url": "http://www.osvdb.org/35330" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1017999" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1018000" }, { "trust": 1.7, "url": "http://secunia.com/advisories/25109" }, { "trust": 1.6, "url": "http://www.cisco.com/en/us/products/ps6120/index.html" }, { "trust": 1.6, "url": "http://en.wikipedia.org/wiki/intrusion-prevention_system" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/1635" }, { "trust": 1.2, "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/1635" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34026" }, { "trust": 0.9, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml" }, { "trust": 0.9, "url": "http://secunia.com/advisories/25109/" }, { "trust": 0.8, "url": "http://www.osvdb.org/35331" }, { "trust": 0.8, "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2461" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2461" }, { "trust": 0.8, "url": "http://securitytracker.com/id?1018000" }, { "trust": 0.8, "url": "http://securitytracker.com/id?1017999" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/34026" }, { "trust": 0.3, "url": "http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/network_software_inspector/" }, { "trust": 0.1, "url": "http://secunia.com/product/6102/" }, { "trust": 0.1, "url": 
"http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/210876" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/6115/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25823" }, { "db": "BID", "id": "23763" }, { "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2461" }, { "db": "CNNVD", "id": "CNNVD-200705-062" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25823" }, { "db": "BID", "id": "23763" }, { "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2461" }, { "db": "CNNVD", "id": "CNNVD-200705-062" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-02T00:00:00", "db": "CERT/CC", "id": "VU#210876" }, { "date": "2007-05-02T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2007-05-02T00:00:00", "db": "VULHUB", "id": "VHN-25823" }, { "date": "2007-05-02T00:00:00", "db": "BID", "id": "23763" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "date": "2007-05-04T05:48:13", "db": "PACKETSTORM", "id": "56436" }, { "date": "2007-05-02T22:19:00", "db": "NVD", "id": "CVE-2007-2461" }, { "date": "2007-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-062" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-06-15T00:00:00", "db": "CERT/CC", "id": "VU#210876" }, { "date": "2007-05-03T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-25823" }, { "date": "2015-05-07T17:39:00", "db": "BID", "id": "23763" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000334" }, { "date": "2023-08-11T19:02:04.560000", "db": "NVD", "id": "CVE-2007-2461" }, { "date": "2007-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-062" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-062" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX/ASA DHCP Relay Remote Denial of Service Vulnerability", "sources": [ { "db": "BID", "id": "23763" }, { "db": "CNNVD", "id": "CNNVD-200705-062" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "23763" }, { "db": "CNNVD", "id": "CNNVD-200705-062" } ], "trust": 0.9 } }
var-200904-0283
Vulnerability from variot
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet. Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. These issues are documented by the following Cisco Bug IDs: CSCsx47543 further documents the issue tracked by CVE-2009-1155. CSCsv52239 further documents the issue tracked by CVE-2009-1156. CSCsy22484 further documents the issue tracked by CVE-2009-1157. CSCsx32675 further documents the issue tracked by CVE-2009-1158. CSCsw51809 further documents the issue tracked by CVE-2009-1159. CSCsq91277 further documents the issue tracked by CVE-2009-1160. This security advisory outlines the details of these vulnerabilities:
- VPN Authentication Bypass when Account Override Feature is Used vulnerability
- Crafted HTTP packet denial of service (DoS) vulnerability
- Crafted TCP Packet DoS vulnerability
- Crafted H.323 packet DoS vulnerability
- SQL*Net packet DoS vulnerability
- Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
Affected Products
Vulnerable Products
The following is a list of the products affected by each vulnerability as described in detail within this advisory.
The notes below are grouped by vulnerability; the affected releases listed for each match the fixed-software table in this advisory.
- VPN Authentication Bypass: Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). This feature is disabled by default.
- Crafted HTTP packet DoS: Only Cisco ASA software versions 8.0 and 8.1 are affected by this vulnerability.
- Crafted H.323 packet DoS: H.323 inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability.
- SQL*Net packet DoS: SQL*Net inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected by this vulnerability.
- ACL bypass: Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this vulnerability.
Determination of Software Versions
The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Adaptive Security Appliance that runs software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
<output truncated>
The following example shows a Cisco PIX security appliance that runs software version 8.0(4):
PIX#show version
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(3)
<output truncated>
Customers who use Cisco ASDM to manage their devices can find the software version displayed in the table in the login window or in the upper left corner of the ASDM window.
Products Confirmed Not Vulnerable
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers and Cisco VPN 3000 Series Concentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
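This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other.
VPN Authentication Bypass when Account Override Feature is Used: the override account feature (described below) overrides the "account-disabled" indicator from the AAA server. However, the user must provide the correct credentials in order to log in to the VPN.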
Note: The override account feature was introduced in Cisco ASA software version 7.1(1).
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":
hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable
Note: The override account feature is disabled by default.
Crafted HTTP Packet DoS Vulnerability
A crafted SSL or HTTP packet may cause a DoS condition on a Cisco ASA device that is configured to terminate SSL VPN connections. This vulnerability can also be triggered on any interface where ASDM access is enabled. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted TCP Packet DoS Vulnerability
A crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX device. A successful attack may result in a sustained DoS condition. A Cisco ASA device configured for any of the following features is affected:
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- cTCP for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- TLS Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
- TCP Intercept
Note: This vulnerability may be triggered when crafted packets are sent to any TCP-based service that terminates on the affected device. The vulnerability may also be triggered via transient traffic only if the TCP intercept feature has been enabled. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted H.323 Packet DoS Vulnerability
H.323 inspection is enabled by default. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability.
SQL*Net Packet DoS Vulnerability
SQL*Net inspection is enabled by default. A successful attack may result in a reload of the device.
The default port assignment for SQL*Net is TCP port 1521. This is the value used by Oracle for SQL*Net. Please note the "class-map" command can be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection to a range of different port numbers. A TCP three-way handshake is needed to exploit this vulnerability. The requirement of a TCP three-way handshake significantly reduces the possibility of exploitation using packets with spoofed source addresses.
Access Control List Bypass Vulnerability
Access lists have an implicit deny behavior that is applied to packets that have not matched any of the permit or deny ACEs in an ACL and reach the end of the ACL. This implicit deny is there by design, does not require any configuration and can be understood as an implicit ACE that denies all traffic reaching the end of the ACL. A vulnerability exists in the Cisco ASA and Cisco PIX that may allow traffic to bypass the implicit deny ACE.
Note: This behavior only impacts the implicit deny statement on any ACL applied on the device. Access control lists with explicit deny statements are not affected by this vulnerability. This vulnerability is experienced on very rare occasions and is extremely hard to reproduce.
You can trace the lifespan of a packet through the security appliance to see whether the packet is operating correctly with the packet tracer tool. The "packet-tracer" command provides detailed information about the packets and how they are processed by the security appliance. If a command from the configuration did not cause the packet to drop, the "packet-tracer" command will provide information about the cause in an easily readable manner. You can use this feature to see if the implicit deny on an ACL is not taking effect. The following example shows that the implicit deny is bypassed (result = ALLOW):
<output truncated>
...
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x1a09d350, priority=1, domain=permit, deny=false
hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
<output truncated>
This vulnerability is documented in Cisco Bug ID CSCsq91277 and has been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2009-1160.
Vulnerability Scoring Details
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
- AAA account-override-ignore allows VPN session without correct password (CSCsx47543)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 6.8 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash with certain HTTP packets (CSCsv52239)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash after processing certain TCP packets (CSCsy22484)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Crafted H.323 packet may cause ASA to reload (CSCsx32675)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- sqlnet traffic causes traceback with inspection configured (CSCsw51809)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- ACL Misbehavior in Cisco ASA (CSCsq91277)
CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the VPN Authentication Bypass when Account Override Feature is Used vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. Repeated exploitation could result in a sustained DoS condition. Successful exploitation of the ACL bypass vulnerability may allow an attacker to access resources that should be protected by the Cisco ASA.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following table contains the first fixed software release of each vulnerability. The "Recommended Release" row indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" row of the table.
| Vulnerability | Affected Release | First Fixed Version | Recommended Release |
|---|---|---|---|
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| | 7.1 | 7.1(2)82 | 7.1(2)82 |
| | 7.2 | 7.2(4)27 | 7.2(4)30 |
| | 8.0 | 8.0(4)25 | 8.0(4)28 |
| | 8.1 | 8.1(2)15 | 8.1(2)19 |
| Crafted HTTP packet DoS Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| | 7.1 | Not vulnerable | 7.1(2)82 |
| | 7.2 | Not vulnerable | 7.2(4)30 |
| | 8.0 | 8.0(4)25 | 8.0(4)28 |
| | 8.1 | 8.1(2)15 | 8.1(2)16 |
| Crafted TCP Packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| | 7.1 | 7.1(2)82 | 7.1(2)82 |
| | 7.2 | 7.2(4)30 | 7.2(4)30 |
| | 8.0 | 8.0(4)28 | 8.0(4)28 |
| | 8.1 | 8.1(2)19 | 8.1(2)19 |
| Crafted H.323 packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| | 7.1 | 7.1(2)82 | 7.1(2)82 |
| | 7.2 | 7.2(4)26 | 7.2(4)30 |
| | 8.0 | 8.0(4)24 | 8.0(4)28 |
| | 8.1 | 8.1(2)14 | 8.1(2)19 |
| Crafted SQL packet DoS vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| | 7.1 | Not vulnerable | 7.1(2)82 |
| | 7.2 | 7.2(4)26 | 7.2(4)30 |
| | 8.0 | 8.0(4)22 | 8.0(4)28 |
| | 8.1 | 8.1(2)12 | 8.1(2)19 |
| Access control list (ACL) bypass vulnerability | 7.0 | 7.0(8)1 | 7.0(8)6 |
| | 7.1 | 7.1(2)74 | 7.1(2)82 |
| | 7.2 | 7.2(4)9 | 7.2(4)30 |
| | 8.0 | 8.0(4)5 | 8.0(4)28 |
| | 8.1 | Not vulnerable | 8.1(2)19 |
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT
Workarounds
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.
VPN Authentication Bypass Vulnerability +--------------------------------------
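The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode. As a workaround, disable this feature using the "no override-account-disable" command. The feature is configured per tunnel group, so check the general attributes of every tunnel group in the running configuration, not just one.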
Crafted HTTP Packet DoS Vulnerability +------------------------------------
Devices configured for SSL VPN (clientless or client-based) or accepting ASDM management connections are vulnerable.
Note: IPSec clients are not vulnerable to this vulnerability.
If SSL VPN (clientless or client-based) is not used, administrators should make sure that ASDM connections are only allowed from trusted hosts.
To specify the IP addresses from which the security appliance accepts HTTPS connections for ASDM, configure the "http" command for each trusted host address or subnet. The full command also names the interface on which the host is reached; the example below shows only the address and mask. The following example shows how a trusted host with IP address 192.168.1.100 is added to the configuration:
hostname(config)# http 192.168.1.100 255.255.255.255
Crafted TCP Packet DoS Vulnerability +-----------------------------------
There are no workarounds for this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
H.323 inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. H.323 inspection can be disabled with the command "no inspect h323", entered in class configuration mode of the policy map that applies the inspection.
SQL*Net Packet DoS Vulnerability +-------------------------------
SQL*Net inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. SQL*Net inspection can be disabled with the command "no inspect sqlnet", entered in class configuration mode of the policy map that applies the inspection.
Access Control List (ACL) Bypass Vulnerability +---------------------------------------------
As a workaround, remove the "access-group" line applied on the interface where the ACL is configured and re-apply it. For example:
ASA(config)#no access-group acl-inside in interface inside
ASA(config)#access-group acl-inside in interface inside
In the previous example, the access group called "acl-inside" is removed and reapplied to the inside interface. Alternatively, you can add an explicit "deny ip any any" line at the bottom of the ACL applied on that interface; ACLs that end in an explicit deny statement are not affected by this vulnerability. For example:
ASA(config)#access-list 100 deny ip any any
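In the previous example, an explicit deny for all IP traffic is added at the end of "access-list 100". Use the name of the ACL that is actually applied to the interface, and keep this entry last, because entries placed after it are never reached.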
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations +------------------------------------------------
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts +----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
The crafted TCP packet DoS vulnerability was discovered and reported to Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon Business.
The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and Jeff Jarmoc from SecureWorks.
The Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities, and welcomes the opportunity to review and assist in product reports.
All other vulnerabilities were found during internal testing and during the resolution of customer service requests.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
Revision 1.0 | 2009-April-08 | Initial public release.
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
+-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +--------------------------------------------------------------------
Updated: Apr 08, 2009 Document ID: 109974 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc Q8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ =Xi7D -----END PGP SIGNATURE-----
SOLUTION: Update to the fixed versions (please see the vendor advisory for patch information).
PROVIDED AND/OR DISCOVERED BY: 3) The vendor credits Gregory W.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
OTHER REFERENCES: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0283", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", 
"trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)19" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)15" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)14" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)12" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)5" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)28" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)25" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)24" }, { "model": "pix/asa", "scope": "ne", "trust": 
0.3, "vendor": "cisco", "version": "8.0(4)22" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)9" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)30" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)27" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)26" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)82" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)74" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)6" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)1" } ], "sources": [ { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "db": "NVD", "id": "CVE-2009-1158" }, { "db": "CNNVD", "id": "CNNVD-200904-199" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1158" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gregory W. MacPherson Jon Ramsey", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-199" } ], "trust": 0.6 }, "cve": "CVE-2009-1158", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", 
"version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-1158", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-38604", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1158", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-199", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-38604", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-38604" }, { "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "db": "NVD", "id": "CVE-2009-1158" }, { "db": "CNNVD", "id": "CNNVD-200904-199" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet. 
\nRemote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. \nThese issues are documented by the following Cisco Bug IDs:\nCSCsx47543 further documents the issue tracked by CVE-2009-1155. \nCSCsv52239 further documents the issue tracked by CVE-2009-1156. \nCSCsy22484 further documents the issue tracked by CVE-2009-1157. \nCSCsx32675 further documents the issue tracked by CVE-2009-1158. \nCSCsw51809 further documents the issue tracked by CVE-2009-1159. \nCSCsq91277 further documents the issue tracked by CVE-2009-1160. This security\nadvisory outlines the details of these vulnerabilities:\n\n * VPN Authentication Bypass when Account Override Feature is Used\n vulnerability\n\n * Crafted HTTP packet denial of service (DoS) vulnerability\n\n * Crafted TCP Packet DoS vulnerability\n\n * Crafted H.323 packet DoS vulnerability\n\n * SQL*Net packet DoS vulnerability\n\n * Access control list (ACL) bypass vulnerability\n\nWorkarounds are available for some of the vulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following is a list of the products affected by each vulnerability\nas described in detail within this advisory. \n\nNote: The Override Account Disabled feature was introduced in Cisco\nASA software version 7.1(1). This feature is\ndisabled by default. Only Cisco ASA software versions 8.0 and 8.1 are\naffected by this vulnerability. H.323 inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1\nare affected by this vulnerability. SQL*Net inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected\nby this vulnerability. 
Cisco ASA and\nCisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this\nvulnerability. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. The following example shows a Cisco ASA Adaptive\nSecurity Appliance that runs software version 8.0(4):\n\n ASA#show version\n\n Cisco Adaptive Security Appliance Software Version 8.0(4)\n Device Manager Version 6.0(1)\n\n \u003coutput truncated\u003e\n\nThe following example shows a Cisco PIX security appliance that runs\nsoftware version 8.0(4):\n\n PIX#show version\n\n Cisco PIX Security Appliance Software Version 8.0(4)\n Device Manager Version 5.2(3)\n\n \u003coutput truncated\u003e\n\nCustomers who use Cisco ASDM to manage their devices can find the\nsoftware version displayed in the table in the login window or in the\nupper left corner of the ASDM window. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers and Cisco VPN 3000 Series\nConcentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. However, the user must provide the correct\ncredentials in order to login to the VPN. \n\nNote: The override account feature was introduced in Cisco ASA software\nversion 7.1(1). \n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode, as shown in the following example. 
The following\nexample allows overriding the \"account-disabled\" indicator from the AAA\nserver for the WebVPN tunnel group \"testgroup\":\n\n hostname(config)#tunnel-group testgroup type webvpn\n hostname(config)#tunnel-group testgroup general-attributes\n hostname(config-tunnel-general)#override-account-disable\n\nNote: The override account feature is disabled by default. \n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nA crafted SSL or HTTP packet may cause a DoS condition on a Cisco\nASA device that is configured to terminate SSL VPN connections. This\nvulnerability can also be triggered to any interface where ASDM access\nis enabled. A successful attack may result in a reload of the device. A\nTCP three-way handshake is not needed to exploit this vulnerability. \n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nA crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX\ndevice. A successful attack may result in a sustained DoS condition. \nA Cisco ASA device configured for any of the following features is\naffected:\n\n * SSL VPNs\n * ASDM Administrative Access\n * Telnet Access\n * SSH Access\n * cTCP for Remote Access VPNs\n * Virtual Telnet\n * Virtual HTTP\n * TLS Proxy for Encrypted Voice Inspection\n * Cut-Through Proxy for Network Access\n * TCP Intercept\n\nNote: This vulnerability may be triggered when crafted packets are sent\nto any TCP based service that terminates on the affected device. The\nvulnerability may also be triggered via transient traffic only if the\nTCP intercept features has been enabled. A TCP three-way handshake is\nnot needed to exploit this vulnerability. H.323 inspection is enabled by\ndefault. A successful attack may result in a reload of the device. A TCP\nthree-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is\nenabled by default. A successful attack may result in a reload of the\ndevice. 
\n\nThe default port assignment for SQL*Net is TCP port 1521. This is the\nvalue used by Oracle for SQL*Net. Please note the \"class-map\" command\ncan be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection\nto a range of different port numbers. A TCP three-way handshake is\nneeded to exploit this vulnerability. The requirement of a TCP three way\nhandshake significantly reduces the possibility of exploitation using\npackets with spoofed source addresses. \n\nAccess Control List Bypass Vulnerability\n+---------------------------------------\n\nAccess lists have an implicit deny behavior that is applied to packets\nthat have not matched any of the permit or deny ACEs in an ACL and reach\nthe end of the ACL. This implicit deny is there by design, does not\nrequire any configuration and can be understood as an implicit ACE that\ndenies all traffic reaching the end of the ACL. A vulnerability exists\nin the Cisco ASA and Cisco PIX that may allow traffic to bypass the\nimplicit deny ACE. \n\nNote: This behavior only impacts the implicit deny statement on any\nACL applied on the device. Access control lists with explicit deny\nstatements are not affected by this vulnerability. This vulnerability is\nexperienced in very rare occasions and extremely hard to reproduce. \n\nYou can trace the lifespan of a packet through the security appliance\nto see whether the packet is operating correctly with the packet tracer\ntool. The \"packet-tracer\" command provides detailed information about\nthe packets and how they are processed by the security appliance. If a\ncommand from the configuration did not cause the packet to drop, the\n\"packet-tracer\" command will provide information about the cause in an\neasily readable manner. You can use this feature to see if the implicit\ndeny on an ACL is not taking effect. The following example shows that\nthe implicit deny is bypassed (result = ALLOW):\n\n \u003coutput truncated\u003e\n ... 
\n Phase: 2\n Type: ACCESS-LIST\n Subtype:\n Result: ALLOW\n Config:\n Implicit Rule\n Additional Information:\n Forward Flow based lookup yields rule:\n in id=0x1a09d350, priority=1, domain=permit, deny=false\n hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8\n src mac=0000.0000.0000, mask=0000.0000.0000\n dst mac=0000.0000.0000, mask=0000.0000.0000\n\n \u003coutput truncated\u003e\n\nThis vulnerability is documented in Cisco Bug ID CSCsq91277 and has\nbeen assigned Common Vulnerabilities and Exposures (CVE) identifiers\nCVE-2009-1160. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* AAA account-override-ignore allows VPN session without correct\npassword (CSCsx47543)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 6.8\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash with certain HTTP packets (CSCsv52239)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash after processing certain TCP packets (CSCsy22484)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Crafted H.323 packet may cause ASA to reload (CSCsx32675)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* sqlnet traffic causes traceback with inspection configured\n(CSCsw51809)\n\nCVSS Base Score - 7.8\n 
Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* ACL Misbehavior in Cisco ASA (CSCsq91277)\n\nCVSS Base Score - 4.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Partial\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 3.6\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass when Account\nOverride Feature is Used vulnerability may allow an attacker to\nsuccessfully connect to the Cisco ASA via remote access IPSec or\nSSL-based VPN. Repeated exploitation of the denial of service\nvulnerabilities could result in a sustained DoS condition. Successful\nexploitation of the ACL bypass\nvulnerability may allow an attacker to access resources that should be\nprotected by the Cisco ASA. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following table contains the first fixed software release of each\nvulnerability. The \"Recommended Release\" row indicates the releases\nwhich have fixes for all the published vulnerabilities at the time\nof this Advisory. 
A device running a version of the given release in\na specific row (less than the First Fixed Release) is known to be\nvulnerable. Cisco recommends upgrading to a release equal to or later\nthan the release in the \"Recommended Release\" row of the table. \n\n+------------------------------------------------------+\n| | Affected | First | Recommended |\n| Vulnerability | Release | Fixed | Release |\n| | | Version | |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| VPN | | vulnerable | |\n|Authentication |----------+------------+-------------|\n| Bypass when | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Account |----------+------------+-------------|\n| Override | 7.2 | 7.2(4)27 | 7.2(4)30 |\n|Feature is |----------+------------+-------------|\n| Used | 8.0 | 8.0(4)25 | 8.0(4)28 |\n|Vulnerability |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted HTTP | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| Vulnerability | 7.2 | Not | 7.2(4)30 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)25 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)16 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted TCP |----------+------------+-------------|\n| Packet DoS | 7.2 | 7.2(4)30 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)28 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)19 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted H.323 
|----------+------------+-------------|\n| packet DoS | 7.2 | 7.2(4)26 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)24 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)14 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted SQL | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)22 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)12 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)1 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)74 | 7.1(2)82 |\n|Access control |----------+------------+-------------|\n| list (ACL) | 7.2 | 7.2(4)9 | 7.2(4)30 |\n|bypass |----------+------------+-------------|\n| vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | Not | 8.1(2)19 |\n| | | vulnerable | |\n+------------------------------------------------------+\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. \n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode. As a workaround, disable this feature using the \"no\noverride-account-disable\" command. 
\n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nDevices configured for SSL VPN (clientless or client-based) or accepting\nASDM management connections are vulnerable. \n\nNote: IPSec clients are not vulnerable to this vulnerability. \n\nIf SSL VPN (clientless or client-based) is not used, administrators\nshould make sure that ASDM connections are only allowed from trusted\nhosts. \n\nTo identify the IP addresses from which the security appliance\naccepts HTTPS connections for ASDM, configure the \"http\" command for\neach trusted host address or subnet. The following example, shows\nhow a trusted host with IP address 192.168.1.100 is added to the\nconfiguration:\n\n hostname(config)# http 192.168.1.100 255.255.255.255\n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nThere are no workarounds for this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nH.323 inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. H.323 inspection\ncan be disabled with the command \"no inspect h323\". \n\nSQL*Net Packet DoS Vulnerability\n+-------------------------------\n\nSQL*Net inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. SQL*Net\ninspection can be disabled with the command \"no inspect sqlnet\". \n\nAccess Control List (ACL) Bypass Vulnerability\n+---------------------------------------------\n\nAs a workaround, remove the \"access-group\" line applied on the interface\nwhere the ACL is configured and re-apply it. For example:\n\n ASA(config)#no access-group acl-inside in interface inside\n ASA(config)#access-group acl-inside in interface inside\n\nIn the previous example the access group called \"acl-inside\" is removed\nand reapplied to the inside interface. 
Alternatively, you can add an\nexplicit \"deny ip any any\" line in the bottom of the ACL applied on that\ninterface. For example:\n\n ASA(config)#access-list 100 deny ip any any\n\nIn the previous example, an explicit deny for all IP traffic is added at\nthe end of \"access-list 100\". \n\nAdditional mitigations that can be deployed on Cisco devices within the\nnetwork are available in the Cisco Applied Mitigation Bulletin companion\ndocument for this advisory, which is available at the following link:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature\nsets they have purchased. By installing, downloading, accessing\nor otherwise using such software upgrades, customers agree to be\nbound by the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. 
\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. \n\nRefer to\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. 
\n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThe crafted TCP packet DoS vulnerability was discovered and reported\nto Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon\nBusiness. \n\nThe ACL bypass vulnerability was reported to Cisco by Jon Ramsey and\nJeff Jarmoc from SecureWorks. \n\nThe Cisco PSIRT greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and welcomes the opportunity to\nreview and assist in product reports. \n\nAll other vulnerabilities were found during internal testing and during\nthe resolution of customer service requests. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. 
\n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0 | 2009-April-08 | Initial public release. |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities\nin Cisco products, obtaining assistance with security\nincidents, and registering to receive security information\nfrom Cisco, is available on Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding\nCisco security notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\nUpdated: Apr 08, 2009 Document ID: 109974\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc\nQ8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ\n=Xi7D\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nSOLUTION:\nUpdate to the fixed versions (please see the vendor advisory for\npatch information). \n\nPROVIDED AND/OR DISCOVERED BY:\n3) The vendor credits Gregory W. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nOTHER REFERENCES:\nhttp://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2009-1158" }, { "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "db": "BID", "id": "34429" }, { "db": "VULHUB", "id": "VHN-38604" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1158", "trust": 2.9 }, { "db": "BID", "id": "34429", "trust": 2.8 }, { "db": "SECUNIA", "id": "34607", "trust": 2.6 }, { "db": "SECTRACK", "id": "1022015", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2009-0981", "trust": 2.5 }, { "db": "OSVDB", "id": "53444", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2009-001195", "trust": 0.8 }, { "db": "CISCO", "id": "20090408 MULTIPLE VULNERABILITIES IN CISCO ASA ADAPTIVE SECURITY APPLIANCE AND CISCO PIX SECURITY APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-199", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-38604", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76440", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76528", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38604" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1158" }, { "db": "CNNVD", "id": "CNNVD-200904-199" } ] }, "id": "VAR-200904-0283", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-38604" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:11:39.588000Z", 
"patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20090408-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001195" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1158" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/34429" }, { "trust": 2.5, "url": "http://osvdb.org/53444" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022015" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34607" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1158" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1158" }, { "trust": 0.4, "url": "http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a99518.html" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/502566" }, { "trust": 0.3, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml#@id" }, { "trust": 0.2, "url": 
"http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1160" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html." }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html," }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1155" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1159" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://www.cisco.com." }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml." 
}, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34607/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38604" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1158" }, { "db": "CNNVD", "id": "CNNVD-200904-199" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-38604" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1158" }, { "db": "CNNVD", "id": "CNNVD-200904-199" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "VULHUB", "id": "VHN-38604" }, { "date": "2009-04-08T00:00:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "date": "2009-04-08T18:42:33", "db": "PACKETSTORM", "id": "76440" }, { "date": "2009-04-09T15:10:51", "db": "PACKETSTORM", "id": "76528" }, { "date": "2009-04-09T15:08:35.767000", "db": "NVD", "id": "CVE-2009-1158" }, { "date": "2009-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-199" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-28T00:00:00", "db": "VULHUB", "id": "VHN-38604" }, { "date": "2009-04-13T20:06:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001195" }, { "date": "2009-04-28T05:39:14.517000", "db": "NVD", "id": "CVE-2009-1158" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-199" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-199" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco ASA In H.323 Packet service disruption (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001195" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-199" } ], "trust": 0.6 } }
var-200809-0315
Vulnerability from variot
Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315. These issues are tracked as Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315. A third party may be able to put the device into a denial-of-service (DoS) state. Cisco PIX and ASA are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability. An attacker can exploit these issues to obtain sensitive information or cause the affected devices to reload. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. This security advisory outlines details of the following vulnerabilities:
- Erroneous SIP Processing Vulnerabilities
- IPSec Client Authentication Processing Vulnerability
- SSL VPN Memory Leak Vulnerability
- URI Processing Error Vulnerability in SSL VPNs
- Potential Information Disclosure in Clientless VPNs
Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml
Affected Products
The following paragraphs describe the affected Cisco ASA and Cisco PIX software versions:
Vulnerable Products
The following sections provide details on the versions of Cisco ASA that are affected by each vulnerability.
The show version command-line interface (CLI) command can be used to determine if a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA device that runs software release 8.0(2):
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(1)
[...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to manage their devices can find their software version displayed in a table in the login window or in the upper left corner of the ASDM window.
SSL VPN Memory Leak Vulnerability
Cisco ASA devices that terminate clientless remote access VPN connections are vulnerable to a denial of service attack affecting the SSL processing software if the device is running a software version prior to 7.2(4)2, 8.0(3)14, or 8.1(1)4.
Potential Information Disclosure in Clientless VPNs
Cisco ASA devices that terminate clientless remote access VPN connections are vulnerable to potential information disclosure if the device is running affected 8.0 or 8.1 software versions.
Products Confirmed Not Vulnerable
The Cisco Firewall Services Module (FWSM) is not affected by any of these vulnerabilities. Cisco PIX security appliances running software versions 6.x are not vulnerable. IOS, IOS XR, and Cisco Unified Border Elements (CUBE) are not vulnerable to these issues. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
The following sections provide details to help determine if a device may be affected by any of the vulnerabilities. A successful attack may result in a reload of the device.
SIP inspection is enabled with the inspect sip command. To check whether it is enabled, run the show service-policy | include sip command; if the output contains the text Inspect: sip and some statistics, then the device has a vulnerable configuration.
- CSCsq07867
- CSCsq57091
- CSCsk60581
- CSCsq39315
IPSec Client Authentication Processing Vulnerability
Cisco PIX and Cisco ASA devices configured to terminate client based VPN connections are vulnerable to a crafted authentication processing vulnerability if they are running software versions 7.2, 8.0, or 8.1. Devices that run software versions 7.0 or 7.1 are not affected by this vulnerability.
A successful attack may result in a reload of the device.
Remote access VPN connections will have Internet Security Association and Key Management Protocol (ISAKMP) enabled on an interface with the crypto command, such as: crypto isakmp enable outside.
This vulnerability is documented in Cisco Bug ID CSCso69942 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2733.
SSL VPN Memory Leak Vulnerability and URI Processing Error Vulnerability in SSL VPNs
A crafted SSL or HTTP packet may cause a denial of service condition on a Cisco ASA device that is configured to terminate clientless VPN connections. A successful attack may result in a reload of the device.
Cisco ASA devices that run versions 7.2, 8.0, or 8.1 with clientless SSL VPNs enabled may be affected by this vulnerability. Devices that run software versions 7.0 and 7.1 are not affected by this vulnerability.
Clientless VPN, SSL VPN Client, and AnyConnect connections are enabled via the webvpn command. For example, the following configuration shows a Cisco ASA with Clientless VPNs configured and enabled. In this case the ASA will listen for VPN connections on the default port, TCP port 443:
http server enable
!
webvpn
enable outside
Note that with this particular configuration, the device is vulnerable to attacks coming from the outside interface due to the enable outside command within the webvpn group configuration.
These vulnerabilities are documented in Cisco Bug ID CSCso66472 and CSCsq19369. They have been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2008-2734 and CVE-2008-2735.
Potential Information Disclosure in Clientless VPNs
On Cisco ASA devices configured to terminate clientless VPN connections, an attacker may be able to discover potentially sensitive information such as usernames and passwords. This attack requires an attacker to convince a user to visit a rogue web server, reply to an e-mail, or interact with a service to successfully exploit the vulnerability.
Cisco ASA devices running software versions 8.0 or 8.1 with clientless VPNs enabled may be affected by this vulnerability.
Clientless SSL VPN connections are enabled via the webvpn command. For example, the following configuration shows a Cisco ASA device with Clientless VPNs configured and enabled. In this case the Cisco ASA device will listen for VPN connections on the default port, TCP port 443:
http server enable
!
webvpn
enable outside
Note that with this particular configuration, the device is vulnerable to attacks coming from the outside interface due to the enable outside command within the webvpn group configuration.
This vulnerability is documented in Cisco Bug ID CSCsq45636 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2736.
Vulnerability Scoring Details
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is calculated in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
Erroneous SIP Processing Vulnerabilities
CSCsq07867 - Memory corruption with traceback in SIP inspection code
CVSS Base Score - 7.8 (Access Vector - Network; Access Complexity - Low; Authentication - None; Confidentiality Impact - None; Integrity Impact - None; Availability Impact - Complete)
CVSS Temporal Score - 6.4 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
CSCsq57091 - Memory corruption and traceback when inspecting malformed SIP packets
CVSS Base Score - 7.8 (Access Vector - Network; Access Complexity - Low; Authentication - None; Confidentiality Impact - None; Integrity Impact - None; Availability Impact - Complete)
CVSS Temporal Score - 6.4 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
CSCsk60581 - Device reload possible when SIP inspection is enabled
CVSS Base Score - 7.8 (Access Vector - Network; Access Complexity - Low; Authentication - None; Confidentiality Impact - None; Integrity Impact - None; Availability Impact - Complete)
CVSS Temporal Score - 6.4 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
CSCsq39315 - Traceback when processing malformed SIP requests
CVSS Base Score - 7.8 (Access Vector - Network; Access Complexity - Low; Authentication - None; Confidentiality Impact - None; Integrity Impact - None; Availability Impact - Complete)
CVSS Temporal Score - 6.4 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
IPSec Client Authentication Processing Vulnerability
CSCso69942 - Traceback in Remote Access Authentication Code
CVSS Base Score - 6.8 (Access Vector - Network; Access Complexity - Low; Authentication - Single; Confidentiality Impact - None; Integrity Impact - None; Availability Impact - Complete)
CVSS Temporal Score - 5.6 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
SSL VPN Memory Leak Vulnerability
CSCso66472 - Crypto memory leak causing Clientless SSL VPNs to hang
CVSS Base Score - 7.8 (Access Vector - Network; Access Complexity - Low; Authentication - None; Confidentiality Impact - None; Integrity Impact - None; Availability Impact - Complete)
CVSS Temporal Score - 6.4 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
URI Processing Error Vulnerability in SSL VPNs
CSCsq19369 - URI Processing Error in Clientless SSL VPN connections
CVSS Base Score - 7.8 (Access Vector - Network; Access Complexity - Low; Authentication - None; Confidentiality Impact - None; Integrity Impact - None; Availability Impact - Complete)
CVSS Temporal Score - 6.4 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
Potential Information Disclosure in Clientless VPNs
CSCsq45636 - Potential Information Disclosure in Clientless SSL VPNs
CVSS Base Score - 7.1 (Access Vector - Network; Access Complexity - Medium; Authentication - None; Confidentiality Impact - Complete; Integrity Impact - None; Availability Impact - None)
CVSS Temporal Score - 5.9 (Exploitability - Functional; Remediation Level - Official Fix; Report Confidence - Confirmed)
Impact
Successful exploitation of the Erroneous SIP Processing Vulnerabilities, IPSec Client Authentication Processing Vulnerability, SSL VPN Memory Leak Vulnerability, or URI Processing Error Vulnerability in SSL VPNs may result in the device reloading. This can be repeatedly exploited and may lead to a denial of service attack.
The Potential Information Disclosure in Clientless SSL VPNs vulnerability may allow an attacker to obtain user and group credentials if the user interacts with a rogue system or document.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following list contains the first fixed software release of each vulnerability:
| Vulnerability | Bug ID | Affected Release | First Fixed Release |
|---|---|---|---|
| Memory corruption with traceback in SIP inspection code | CSCsq07867 | 7.0 | 7.0(7)15 |
| Memory corruption with traceback in SIP inspection code | CSCsq07867 | 7.1 | 7.1(2)70 |
| Memory corruption with traceback in SIP inspection code | CSCsq07867 | 7.2 | Not vulnerable |
| Memory corruption with traceback in SIP inspection code | CSCsq07867 | 8.0 | Not vulnerable |
| Memory corruption with traceback in SIP inspection code | CSCsq07867 | 8.1 | Not vulnerable |
| Memory corruption and traceback when inspecting malformed SIP packets | CSCsq57091 | 7.0 | Not vulnerable |
| Memory corruption and traceback when inspecting malformed SIP packets | CSCsq57091 | 7.1 | Not vulnerable |
| Memory corruption and traceback when inspecting malformed SIP packets | CSCsq57091 | 7.2 | 7.2(4)7 |
| Memory corruption and traceback when inspecting malformed SIP packets | CSCsq57091 | 8.0 | 8.0(3)20 |
| Memory corruption and traceback when inspecting malformed SIP packets | CSCsq57091 | 8.1 | 8.1(1)8 |
| Device reload possible when SIP inspection is enabled | CSCsk60581 | 7.0 | Not vulnerable |
| Device reload possible when SIP inspection is enabled | CSCsk60581 | 7.1 | Not vulnerable |
| Device reload possible when SIP inspection is enabled | CSCsk60581 | 7.2 | 7.2(3)18 |
| Device reload possible when SIP inspection is enabled | CSCsk60581 | 8.0 | 8.0(3)8 |
| Device reload possible when SIP inspection is enabled | CSCsk60581 | 8.1 | Not vulnerable |
| Traceback when processing malformed SIP requests | CSCsq39315 | 7.0 | 7.0(7)16 |
| Traceback when processing malformed SIP requests | CSCsq39315 | 7.1 | 7.1(2)71 |
| Traceback when processing malformed SIP requests | CSCsq39315 | 7.2 | Not vulnerable |
| Traceback when processing malformed SIP requests | CSCsq39315 | 8.0 | Not vulnerable |
| Traceback when processing malformed SIP requests | CSCsq39315 | 8.1 | Not vulnerable |
| Traceback in Remote Access Authentication Code | CSCso69942 | 7.0 | Not vulnerable |
| Traceback in Remote Access Authentication Code | CSCso69942 | 7.1 | Not vulnerable |
| Traceback in Remote Access Authentication Code | CSCso69942 | 7.2 | 7.2(4)2 |
| Traceback in Remote Access Authentication Code | CSCso69942 | 8.0 | 8.0(3)14 |
| Traceback in Remote Access Authentication Code | CSCso69942 | 8.1 | 8.1(1)4 |
| Crypto memory leak causing Clientless SSL VPNs to hang | CSCso66472 | 7.0 | Not vulnerable |
| Crypto memory leak causing Clientless SSL VPNs to hang | CSCso66472 | 7.1 | Not vulnerable |
| Crypto memory leak causing Clientless SSL VPNs to hang | CSCso66472 | 7.2 | 7.2(4)2 |
| Crypto memory leak causing Clientless SSL VPNs to hang | CSCso66472 | 8.0 | 8.0(3)14 |
| Crypto memory leak causing Clientless SSL VPNs to hang | CSCso66472 | 8.1 | 8.1(1)4 |
| HTTP Processing Error in Clientless SSL VPN connections | CSCsq19369 | 7.0 | Not vulnerable |
| HTTP Processing Error in Clientless SSL VPN connections | CSCsq19369 | 7.1 | Not vulnerable |
| HTTP Processing Error in Clientless SSL VPN connections | CSCsq19369 | 7.2 | Not vulnerable |
| HTTP Processing Error in Clientless SSL VPN connections | CSCsq19369 | 8.0 | 8.0(3)15 |
| HTTP Processing Error in Clientless SSL VPN connections | CSCsq19369 | 8.1 | 8.1(1)5 |
| Potential Information Disclosure in Clientless SSL VPNs | CSCsq45636 | 7.0 | Not vulnerable |
| Potential Information Disclosure in Clientless SSL VPNs | CSCsq45636 | 7.1 | Not vulnerable |
| Potential Information Disclosure in Clientless SSL VPNs | CSCsq45636 | 7.2 | Not vulnerable |
| Potential Information Disclosure in Clientless SSL VPNs | CSCsq45636 | 8.0 | 8.0(3)16 |
| Potential Information Disclosure in Clientless SSL VPNs | CSCsq45636 | 8.1 | 8.1(1)6 |
| Recommended Release | | 7.0 | 7.0(7)16 |
| Recommended Release | | 7.1 | 7.1(2)72 |
| Recommended Release | | 7.2 | 7.2(4)9 |
| Recommended Release | | 8.0 | 8.0(4) |
| Recommended Release | | 8.1 | 8.1(1)8 |
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
Workarounds
The following workarounds may help some customers mitigate these vulnerabilities.
Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml
Erroneous SIP Processing Vulnerabilities
SIP inspection should be disabled if it is not needed; temporarily disabling the feature will mitigate the SIP processing vulnerabilities. SIP inspection can be disabled with the command `no inspect sip`.
IPSec Authentication Processing Vulnerability
Use strong group credentials for remote access VPN connections and do not give out the group credentials to end users.
SSL VPN Memory Leak Vulnerability and URI Processing Error Vulnerability in SSL VPNs
IPSec clients are not vulnerable to this issue and may be used in conjunction with strong group credentials until the device can be upgraded.
Potential Information Disclosure in Clientless SSL VPNs
Client based VPN connections are not vulnerable to the information disclosure vulnerability. If you are running 8.0(3)15, 8.0(3)16, 8.1(1)4, or 8.1(1)5, you may safely use client based VPN connections as an alternative to clientless VPNs.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
These vulnerabilities were reported to Cisco by customers that experienced these issues during normal operation of their equipment and through internal testing efforts.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
| Revision 1.0 | 2008-Sept-03 | Initial public release. |
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at:
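http://www.cisco.com/go/psirt
-----BEGIN PGP SIGNATURE-----
iD8DBQFIvsPo86n/Gc8U/uARAmOIAKCcTL2O+3w2mEm0GTe2mcnb0NZ5uQCdG9aV
ldazcXFRcGmkm4g38B67ezM=
=t2NV
-----END PGP SIGNATURE-----
[Note: this signature was made over the vendor's original clear-signed text. The reflowed copy on this page cannot be expected to verify against it; use the advisory's distribution URL for the authoritative version.]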
Successful exploitation requires valid user credentials.
Successful exploitation requires that a user is tricked into, for example, visiting a malicious web server or replying to an e-mail.
SOLUTION: Update to fixed versions (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0315", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": 
"adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(3)006" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)15" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.5)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.4" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)7" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(2)17" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.15)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)9" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)10" }, { "model": 
"pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.27)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.17)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.16)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.24)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.14)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1.22)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(3)2" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(7)16" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)4" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)2" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)14" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.7)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.8)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(2)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.49)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)70" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)71" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.19)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2)" }, { "model": 
"pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0.4.3" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.55)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.10)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.48)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0.4" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)5" } ], "sources": [ { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "db": "NVD", "id": "CVE-2008-2732" }, { "db": "CNNVD", "id": "CNNVD-200809-050" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-2732" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-050" } ], "trust": 0.6 }, "cve": "CVE-2008-2732", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2008-2732", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-32857", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-2732", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200809-050", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-32857", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-32857" }, { "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "db": "NVD", "id": "CVE-2008-2732" }, { "db": "CNNVD", "id": "CNNVD-200809-050" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315. The problem is Bug ID : CSCsq07867, CSCsq57091, CSCsk60581, CSCsq39315 It is a problem.Service operation disrupted by a third party (DoS) There is a possibility of being put into a state. Cisco PIX and ASA are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability. \nAn attacker can exploit these issues to obtain sensitive information or cause the affected devices to reload. 
PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. \nThis security advisory outlines details of the following\nvulnerabilities:\n\n * Erroneous SIP Processing Vulnerabilities\n * IPSec Client Authentication Processing Vulnerability\n * SSL VPN Memory Leak Vulnerability\n * URI Processing Error Vulnerability in SSL VPNs\n * Potential Information Disclosure in Clientless VPNs\n\nNote: These vulnerabilities are independent of each other. A device\nmay be affected by one vulnerability and not affected by another. \nCisco has released free software updates that address these\nvulnerabilities. Workarounds that mitigate some of these\nvulnerabilities are available. \n\nThis advisory is posted at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml\n\nAffected Products\n=================\n\nThe following paragraphs describe the affected Cisco ASA and Cisco\nPIX software versions:\n\nVulnerable Products\n+------------------\n\nThe following sections provide details on the versions of Cisco ASA\nthat are affected by each vulnerability. \n\nThe show version command-line interface (CLI) command can be used to\ndetermine if a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. The following example shows a Cisco ASA device\nthat runs software release 8.0(2):\n\n ASA# show version\n \n Cisco Adaptive Security Appliance Software Version 8.0(2)\n Device Manager Version 6.0(1)\n \n [...]\n\nCustomers who use the Cisco Adaptive Security Device Manager (ASDM)\nto manage their devices can find their software version displayed in\na table in the login window or in the upper left corner of the ASDM\nwindow. 
\n\nSSL VPN Memory Leak Vulnerability\n\nCisco ASA devices that terminate clientless remote access VPN\nconnections are vulnerable to a denial of service attack affecting\nthe SSL processing software if the device is running a software\nversion prior to 7.2(4)2, 8.0(3)14, or 8.1(1)4. \n\nPotential Information Disclosure in Clientless VPNs\n\nCisco ASA devices that terminate clientless remote access VPN\nconnections are vulnerable to potential information disclosure if the\ndevice is running affected 8.0 or 8.1 software versions. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) is not affected by any of\nthese vulnerabilities. Cisco PIX security appliances running software\nversions 6.x are not vulnerable. IOS, IOS XR, and Cisco Unified\nBoarder Elements (CUBE) are not vulnerable to these issues. No other\nCisco products are currently known to be affected by these\nvulnerabilities. \n\nDetails\n=======\n\nThe following sections provide details to help determine if a device\nmay be affected by any of the vulnerabilities. A successful\nattack may result in a reload of the device. \n\nSIP inspection is enabled with the inspect sip command. If the\noutput contains the text Inspect: sip and some statistics, then the\ndevice has a vulnerable configuration. \n\n * CSCsq07867\n * CSCsq57091\n * CSCsk60581\n * CSCsq39315\n\nIPSec Client Authentication Processing Vulnerability\n\nCisco PIX and Cisco ASA devices configured to terminate client based\nVPN connections are vulnerable to a crafted authentication processing\nvulnerability if they are running software versions 7.2, 8.0, or 8.1. \nDevices that run software versions 7.0 or 7.1 are not affected by\nthis vulnerability. \n\nA successful attack may result in a reload of the device. 
\n\nRemote access VPN connections will have Internet Security Association\nand Key Management Protocol (ISAKMP) enabled on an interface with the\ncrypto command, such as: crypto isakmp enable outside. \n\nThis vulnerability is documented in Cisco Bug ID CSCso69942\nand has been assigned Common Vulnerabilities and Exposures (CVE)\nidentifier CVE-2008-2733. \n\nSSL VPN Memory Leak Vulnerability and URI Processing Error\nVulnerability in SSL VPNs\n\nA crafted SSL or HTTP packet may cause a denial of service condition\non a Cisco ASA device that is configured to terminate clientless VPN\nconnections. A successful attack may result in a reload of the\ndevice. \n\nCisco ASA devices that run versions 7.2, 8.0, or 8.1 with clientless\nSSL VPNs enabled may be affected by this vulnerability. Devices that\nrun software versions 7.0 and 7.1 are not affected by this\nvulnerability. \n\nClientless VPN, SSL VPN Client, and AnyConnect connections are\nenabled via the webvpn command. For example, the following\nconfiguration shows a Cisco ASA with Clientless VPNs configured and\nenabled. In this case the ASA will listen for VPN connections on the\ndefault port, TCP port 443:\n\n http server enable \n !\n webvpn\n enable outside\n\nNote that with this particular configuration, the device is\nvulnerable to attacks coming from the outside interface due to the \nenable outside command within the webvpn group configuration. \n\nThese vulnerabilities are documented in Cisco Bug ID CSCso66472\nand CSCsq19369. They have been assigned Common Vulnerabilities and\nExposures (CVE) identifiers CVE-2008-2734 and CVE-2008-2735. \n\nPotential Information Disclosure in Clientless VPNs\n\nOn Cisco ASA devices configured to terminate clientless VPN\nconnections, an attacker may be able to discover potentially\nsensitive information such as usernames and passwords. 
This attack\nrequires an attacker to convince a user to visit a rogue web server,\nreply to an e-mail, or interact with a service to successfully\nexploit the vulnerability. \n\nCisco ASA devices running software versions 8.0 or 8.1 with\nclientless VPNs enabled may be affected by this vulnerability. \n\nClientless SSL VPN connections are enabled via the webvpn command. \nFor example, the following configuration shows a Cisco ASA device\nwith Clientless VPNs configured and enabled. In this case the Cisco\nASA device will listen for VPN connections on the default port, TCP\nport 443:\n\n http server enable \n !\n webvpn\n enable outside\n\nNote that with this particular configuration, the device is\nvulnerable to attacks coming from the outside interface due to the \nenable outside command within the webvpn group configuration. \n\nThis vulnerability is documented in Cisco Bug ID CSCsq45636 \nand has been assigned Common Vulnerabilities and Exposures (CVE)\nidentifier CVE-2008-2736. \n\nVulnerability Scoring Details\n=============================\n\nCisco has provided scores for the vulnerabilities in this advisory\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\nscoring in this Security Advisory is calculated in accordance with\nCVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of\nthe vulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\nErroneous SIP Processing Vulnerabilities\n\nCSCsq07867 - Memory corruption with traceback in SIP inspection code\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nCSCsq57091 - Memory corruption and traceback when inspecting malformed SIP packets\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nCSCsk60581 - Device reload possible when SIP inspection is enabled\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nCSCsq39315 - Traceback when processing malformed SIP requests\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nIPSec Client Authentication Processing 
Vulnerability\n\nCSCso69942 - Traceback in Remote Access Authentication Code\n\nCVSS Base Score - 6.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - Single\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 5.6\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nSSL VPN Memory Leak Vulnerability\n\nCSCso66472 - Crypto memory leak causing Clientless SSL VPNs to hang\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nURI Processing Error Vulnerability in SSL VPNs\n\nCSCsq19369 - URI Processing Error in Clientless SSL VPN connections\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nPotential Information Disclosure in Clientless VPNs\n\nCSCsq45636 - Potential Information Disclosure in Clientless SSL VPNs\n\nCVSS Base Score - 7.1\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 5.9\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the Erroneous SIP Processing\nVulnerabilities, IPSec Client Authentication Processing\nVulnerability, SSL VPN Memory Leak Vulnerability, or URI Processing\nError Vulnerability in SSL VPNs may result in the device reloading. 
\nThis can be repeatedly exploited and may lead to a denial of service\nattack. \n\nThe Potential Information Disclosure in Clientless SSL VPNs\nvulnerability may allow an attacker to obtain user and group\ncredentials if the user interacts with a rogue system or document. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to\ndetermine exposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following list contains the first fixed software release of each\nvulnerability:\n\n+-----------------------------------------------------+\n| | | Affected | First |\n| Vulnerability | Bug ID | Release | Fixed |\n| | | | Release |\n|----------------+------------+----------+------------|\n| | | 7.0 | 7.0(7)15 |\n| | |----------+------------|\n| | | 7.1 | 7.1(2)70 |\n|Memory | |----------+------------|\n| corruption | | 7.2 | Not |\n| with traceback | CSCsq07867 | | vulnerable |\n|in SIP | |----------+------------|\n| inspection | | 8.0 | Not |\n| code | | | vulnerable |\n| | |----------+------------|\n| | | 8.1 | Not |\n| | | | vulnerable |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n|Memory | |----------+------------|\n| corruption and | | 7.1 | Not |\n| traceback when | | | vulnerable |\n|inspecting |CSCsq57091 |----------+------------|\n| malformed SIP | | 7.2 | 7.2(4)7 |\n|packets | |----------+------------|\n| | | 8.0 | 8.0(3)20 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)8 
|\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| | | 7.1 | Not |\n| Device reload | | | vulnerable |\n|possible when |CSCsk60581 |----------+------------|\n| SIP inspection | | 7.2 | 7.2(3)18 |\n|is enabled | |----------+------------|\n| | | 8.0 | 8.0(3)8 |\n| | |----------+------------|\n| | | 8.1 | Not |\n| | | | vulnerable |\n|----------------+------------+----------+------------|\n| | | 7.0 | 7.0(7)16 |\n| | |----------+------------|\n| | | 7.1 | 7.1(2)71 |\n| | |----------+------------|\n| Traceback when | | 7.2 | Not |\n| processing | CSCsq39315 | | vulnerable |\n|malformed SIP | |----------+------------|\n| requests | | 8.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| | | 8.1 | Not |\n| | | | vulnerable |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| Traceback in | | 7.1 | Not |\n| Remote Access | | | vulnerable |\n|Authentication |CSCso69942 |----------+------------|\n| Code | | 7.2 | 7.2(4)2 |\n| | |----------+------------|\n| | | 8.0 | 8.0(3)14 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)4 |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| Crypto memory | | 7.1 | Not |\n| leak causing | | | vulnerable |\n|Clientless SSL |CSCso66472 |----------+------------|\n| VPNs to hang | | 7.2 | 7.2(4)2 |\n| | |----------+------------|\n| | | 8.0 | 8.0(3)14 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)4 |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| HTTP | | 7.1 | Not |\n| Processing | | | vulnerable |\n|Error in |CSCsq19369 |----------+------------|\n| Clientless SSL | | 7.2 | Not |\n| VPN | | | vulnerable |\n|connections | |----------+------------|\n| | | 8.0 | 8.0(3)15 |\n| | 
|----------+------------|\n| | | 8.1 | 8.1(1)5 |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| Potential | | 7.1 | Not |\n| Information | | | vulnerable |\n|Disclosure in |CSCsq45636 |----------+------------|\n| Clientless SSL | | 7.2 | Not |\n| VPNs | | | vulnerable |\n| | |----------+------------|\n| | | 8.0 | 8.0(3)16 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)6 |\n|-----------------------------+----------+------------|\n| | 7.0 | 7.0(7)16 |\n| |----------+------------|\n| | 7.1 | 7.1(2)72 |\n| |----------+------------|\n| Recommended Release | 7.2 | 7.2(4)9 |\n| |----------+------------|\n| | 8.0 | 8.0(4) |\n| |----------+------------|\n| | 8.1 | 8.1(1)8 |\n+-----------------------------------------------------+\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2\n\nWorkarounds\n===========\n\nThe following workarounds may help some customers mitigate these\nvulnerabilities. \n\nAdditional mitigation techniques that can be deployed on Cisco\ndevices within the network are available in the Cisco Applied\nMitigation Bulletin companion document for this advisory:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml\n\nErroneous SIP Processing Vulnerabilities\n\nSIP inspection should be disabled if it is not needed and temporarily\ndisabling the feature will mitigate the SIP processing\nvulnerabilities. SIP inspection can be disabled with the command no\ninspect sip. \n\nIPSec Authentication Processing Vulnerability\n\nUse strong group credentials for remote access VPN connections and do\nnot give out the group credentials to end users. 
\n\nSSL VPN Memory Leak Vulnerability and URI Processing Error\nVulnerability in SSL VPNs\n\nIPSec clients are not vulnerable to this issue and may be used in\nconjunction with strong group credentials until the device can be\nupgraded. \n\nPotential Information Disclosure in Clientless SSL VPNs\n\nClient based VPN connections are not vulnerable to the information\ndisclosure vulnerability. If you are running 8.0(3)15, 8.0(3)16,\n8.1(1)4, or 8.1(1)5, you may safely use client based VPN connections as\nan alternative to clientless VPNs. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should\nconsult their maintenance provider or check the software for feature\nset compatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco\u0027s software license terms found at:\n\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html\n\nor as otherwise set forth at Cisco.com Downloads at:\n\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml\n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through\ntheir regular update channels. For most customers, this means that\nupgrades should be obtained through the Software Center on Cisco\u0027s\nworldwide website at http://www.cisco.com. 
\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through\nprior or existing agreements with third-party support organizations,\nsuch as Cisco Partners, authorized resellers, or service providers\nshould contact that support organization for guidance and assistance\nwith the appropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or\nfix is the most appropriate for use in the intended network before it\nis deployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco\nservice contract, and customers who purchase through third-party\nvendors but are unsuccessful in obtaining fixed software through\ntheir point of sale should acquire upgrades by contacting the Cisco\nTechnical Assistance Center (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to\na free upgrade. Free upgrades for non-contract customers must be\nrequested through the TAC. \n\nRefer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. 
\n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThese vulnerabilities were reported to Cisco by customers that\nexperienced these issues during normal operation of their equipment\nand through internal testing efforts. \n\nStatus of this Notice: FINAL\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that\nomits the distribution URL in the following section is an\nuncontrolled copy, and may lack important information or contain\nfactual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\nfollowing e-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on\nmailing lists or newsgroups. Users concerned about this problem are\nencouraged to check the above URL for any updates. 
\n\nRevision History\n================\n\n+---------------------------------------+\n| Revision | | Initial |\n| 1.0 | 2008-Sept-03 | public |\n| | | release. |\n+---------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html\n\nThis includes instructions for press inquiries regarding Cisco security\nnotices. All Cisco security advisories are available at:\n\nhttp://www.cisco.com/go/psirt\n-----BEGIN PGP SIGNATURE-----\n\niD8DBQFIvsPo86n/Gc8U/uARAmOIAKCcTL2O+3w2mEm0GTe2mcnb0NZ5uQCdG9aV\nldazcXFRcGmkm4g38B67ezM=\n=t2NV\n-----END PGP SIGNATURE-----\n. \n\nSuccessful exploitation requires valid user credentials. \n\nSuccessful exploitation requires that a user is tricked into e.g. \nvisiting a malicious web server or reply to an email. \n\nSOLUTION:\nUpdate to fixed versions (please see the vendor\u0027s advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-2732" }, { "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "db": "BID", "id": "30998" }, { "db": "VULHUB", "id": "VHN-32857" }, { "db": "PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" } ], "trust": 2.16 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-32857", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-32857" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-2732", "trust": 2.9 }, { "db": "BID", "id": "30998", "trust": 2.2 }, { "db": "SECUNIA", "id": "31730", "trust": 2.0 }, { "db": "SECTRACK", "id": "1020809", "trust": 1.7 }, { "db": "SECTRACK", "id": "1020808", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2008-001674", "trust": 0.8 }, { "db": "CISCO", "id": "20080903 REMOTE ACCESS VPN AND SIP VULNERABILITIES IN CISCO PIX AND CISCO ASA", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200809-050", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "69604", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-32857", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69641", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-32857" }, { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "db": 
"PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" }, { "db": "NVD", "id": "CVE-2008-2732" }, { "db": "CNNVD", "id": "CNNVD-200809-050" } ] }, "id": "VAR-200809-0315", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-32857" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:31:57.236000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20080903-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001674" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2008-2732" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00809f138a.shtml" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/30998" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1020808" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1020809" }, { "trust": 1.1, "url": "http://tools.cisco.com/security/center/content/ciscoappliedmitigationbulletin/cisco-amb-20080903-asa" }, { "trust": 1.1, "url": "http://secunia.com/advisories/31730" }, { "trust": 
1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" }, { "trust": 0.9, "url": "http://secunia.com/advisories/31730/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2732" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/2492" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2732" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml " }, { "trust": 0.2, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2733" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2734" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2735" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2" }, { "trust": 0.1, "url": "http://www.cisco.com." 
}, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2" }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/687/directory/dirtac.shtml" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/16163/" }, { "trust": 0.1, "url": "http://secunia.com/product/6102/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_specialist/" }, { "trust": 0.1, "url": "http://secunia.com/product/16164/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/6115/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-32857" }, { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "db": "PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" }, { "db": "NVD", "id": "CVE-2008-2732" }, { "db": "CNNVD", "id": "CNNVD-200809-050" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-32857" }, { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "db": "PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" }, { "db": "NVD", "id": "CVE-2008-2732" }, { "db": "CNNVD", "id": "CNNVD-200809-050" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-04T00:00:00", "db": "VULHUB", "id": "VHN-32857" }, { "date": "2008-09-03T00:00:00", "db": "BID", 
"id": "30998" }, { "date": "2008-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "date": "2008-09-03T21:33:09", "db": "PACKETSTORM", "id": "69604" }, { "date": "2008-09-04T22:20:29", "db": "PACKETSTORM", "id": "69641" }, { "date": "2008-09-04T16:41:00", "db": "NVD", "id": "CVE-2008-2732" }, { "date": "2008-09-04T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-050" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-08T00:00:00", "db": "VULHUB", "id": "VHN-32857" }, { "date": "2008-09-03T19:35:00", "db": "BID", "id": "30998" }, { "date": "2008-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001674" }, { "date": "2017-08-08T01:31:16.933000", "db": "NVD", "id": "CVE-2008-2732" }, { "date": "2008-09-11T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-050" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-050" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX and ASA of SIP Service interruption in inspection function (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001674" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-050" } ], "trust": 0.6 } }
var-200904-0284
Vulnerability from variot
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets. Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. These issues are documented by the following Cisco Bug IDs: CSCsx47543 further documents the issue tracked by CVE-2009-1155. CSCsv52239 further documents the issue tracked by CVE-2009-1156. CSCsy22484 further documents the issue tracked by CVE-2009-1157. CSCsx32675 further documents the issue tracked by CVE-2009-1158. CSCsw51809 further documents the issue tracked by CVE-2009-1159. CSCsq91277 further documents the issue tracked by CVE-2009-1160. This security advisory outlines the details of these vulnerabilities:
- VPN Authentication Bypass when Account Override Feature is Used vulnerability
- Crafted HTTP packet denial of service (DoS) vulnerability
- Crafted TCP Packet DoS vulnerability
- Crafted H.323 packet DoS vulnerability
- SQL*Net packet DoS vulnerability
- Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
Affected Products
Vulnerable Products
+------------------
The following is a list of the products affected by each vulnerability as described in detail within this advisory.
[Editor's note: the per-vulnerability subheadings appear to have been dropped from this excerpt, so the version statements below each refer to a different vulnerability from the list above, not to a single one; confirm the affected releases for each issue against the vendor advisory linked above.]
Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). This feature is disabled by default. Only Cisco ASA software versions 8.0 and 8.1 are affected by this vulnerability. H.323 inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. SQL*Net inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected by this vulnerability. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this vulnerability.
Determination of Software Versions +---------------------------------
The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Adaptive Security Appliance that runs software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
<output truncated>
The following example shows a Cisco PIX security appliance that runs software version 8.0(4):
PIX#show version
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(3)
<output truncated>
Customers who use Cisco ASDM to manage their devices can find the software version displayed in the table in the login window or in the upper left corner of the ASDM window.
Products Confirmed Not Vulnerable +--------------------------------
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers and Cisco VPN 3000 Series Concentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other. However, the user must provide the correct credentials in order to login to the VPN.
Note: The override account feature was introduced in Cisco ASA software version 7.1(1).
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":
hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable
Note: The override account feature is disabled by default.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
A crafted SSL or HTTP packet may cause a DoS condition on a Cisco ASA device that is configured to terminate SSL VPN connections. This vulnerability can also be triggered to any interface where ASDM access is enabled. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted TCP Packet DoS Vulnerability +-----------------------------------
A crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX device. A successful attack may result in a sustained DoS condition. A Cisco ASA device configured for any of the following features is affected:
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- cTCP for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- TLS Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
- TCP Intercept
Note: This vulnerability may be triggered when crafted packets are sent to any TCP-based service that terminates on the affected device. The vulnerability may also be triggered via transient traffic only if the TCP intercept feature has been enabled. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
A crafted H.323 packet may cause a DoS condition on a Cisco ASA device that is configured with H.323 inspection. H.323 inspection is enabled by default. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is enabled by default. A successful attack may result in a reload of the device.
The default port assignment for SQL*Net is TCP port 1521. This is the value used by Oracle for SQL*Net. Please note the "class-map" command can be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection to a range of different port numbers. A TCP three-way handshake is needed to exploit this vulnerability. The requirement of a TCP three-way handshake significantly reduces the possibility of exploitation using packets with spoofed source addresses.
Access Control List Bypass Vulnerability +---------------------------------------
Access lists have an implicit deny behavior that is applied to packets that have not matched any of the permit or deny ACEs in an ACL and reach the end of the ACL. This implicit deny is there by design, does not require any configuration and can be understood as an implicit ACE that denies all traffic reaching the end of the ACL. A vulnerability exists in the Cisco ASA and Cisco PIX that may allow traffic to bypass the implicit deny ACE.
Note: This behavior only impacts the implicit deny statement on any ACL applied on the device. Access control lists with explicit deny statements are not affected by this vulnerability. This vulnerability is experienced on very rare occasions and is extremely hard to reproduce.
You can trace the lifespan of a packet through the security appliance to see whether the packet is operating correctly with the packet tracer tool. The "packet-tracer" command provides detailed information about the packets and how they are processed by the security appliance. If a command from the configuration did not cause the packet to drop, the "packet-tracer" command will provide information about the cause in an easily readable manner. You can use this feature to see if the implicit deny on an ACL is not taking effect. The following example shows that the implicit deny is bypassed (result = ALLOW):
<output truncated>
...
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x1a09d350, priority=1, domain=permit, deny=false
hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
<output truncated>
This vulnerability is documented in Cisco Bug ID CSCsq91277 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-1160.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
- AAA account-override-ignore allows VPN session without correct password (CSCsx47543)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 6.8 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash with certain HTTP packets (CSCsv52239)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash after processing certain TCP packets (CSCsy22484)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Crafted H.323 packet may cause ASA to reload (CSCsx32675)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- sqlnet traffic causes traceback with inspection configured (CSCsw51809)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- ACL Misbehavior in Cisco ASA (CSCsq91277)
CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the VPN Authentication Bypass when Account Override Feature is Used vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. Repeated exploitation could result in a sustained DoS condition. Successful exploitation of the ACL bypass vulnerability may allow an attacker to access resources that should be protected by the Cisco ASA.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following table contains the first fixed software release of each vulnerability. The "Recommended Release" row indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" row of the table.
| Vulnerability | Affected Release | First Fixed Version | Recommended Release |
|---|---|---|---|
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.2 | 7.2(4)27 | 7.2(4)30 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)19 |
| Crafted HTTP packet DoS Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| Crafted HTTP packet DoS Vulnerability | 7.1 | Not vulnerable | 7.1(2)82 |
| Crafted HTTP packet DoS Vulnerability | 7.2 | Not vulnerable | 7.2(4)30 |
| Crafted HTTP packet DoS Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28 |
| Crafted HTTP packet DoS Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)16 |
| Crafted TCP Packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| Crafted TCP Packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| Crafted TCP Packet DoS Vulnerability | 7.2 | 7.2(4)30 | 7.2(4)30 |
| Crafted TCP Packet DoS Vulnerability | 8.0 | 8.0(4)28 | 8.0(4)28 |
| Crafted TCP Packet DoS Vulnerability | 8.1 | 8.1(2)19 | 8.1(2)19 |
| Crafted H.323 packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| Crafted H.323 packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| Crafted H.323 packet DoS Vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |
| Crafted H.323 packet DoS Vulnerability | 8.0 | 8.0(4)24 | 8.0(4)28 |
| Crafted H.323 packet DoS Vulnerability | 8.1 | 8.1(2)14 | 8.1(2)19 |
| Crafted SQL packet DoS vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| Crafted SQL packet DoS vulnerability | 7.1 | Not vulnerable | 7.1(2)82 |
| Crafted SQL packet DoS vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |
| Crafted SQL packet DoS vulnerability | 8.0 | 8.0(4)22 | 8.0(4)28 |
| Crafted SQL packet DoS vulnerability | 8.1 | 8.1(2)12 | 8.1(2)19 |
| Access control list (ACL) bypass vulnerability | 7.0 | 7.0(8)1 | 7.0(8)6 |
| Access control list (ACL) bypass vulnerability | 7.1 | 7.1(2)74 | 7.1(2)82 |
| Access control list (ACL) bypass vulnerability | 7.2 | 7.2(4)9 | 7.2(4)30 |
| Access control list (ACL) bypass vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |
| Access control list (ACL) bypass vulnerability | 8.1 | Not vulnerable | 8.1(2)19 |
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT
Workarounds
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.
VPN Authentication Bypass Vulnerability +--------------------------------------
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode. As a workaround, disable this feature using the "no override-account-disable" command.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
Devices configured for SSL VPN (clientless or client-based) or accepting ASDM management connections are vulnerable.
Note: IPSec clients are not vulnerable to this vulnerability.
If SSL VPN (clientless or client-based) is not used, administrators should make sure that ASDM connections are only allowed from trusted hosts.
To identify the IP addresses from which the security appliance accepts HTTPS connections for ASDM, configure the "http" command for each trusted host address or subnet. The following example shows how a trusted host with IP address 192.168.1.100 is added to the configuration:
hostname(config)# http 192.168.1.100 255.255.255.255
Crafted TCP Packet DoS Vulnerability +-----------------------------------
There are no workarounds for this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
H.323 inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. H.323 inspection can be disabled with the command "no inspect h323".
SQL*Net Packet DoS Vulnerability +-------------------------------
SQL*Net inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. SQL*Net inspection can be disabled with the command "no inspect sqlnet".
Access Control List (ACL) Bypass Vulnerability +---------------------------------------------
As a workaround, remove the "access-group" line applied on the interface where the ACL is configured and re-apply it. For example:
ASA(config)#no access-group acl-inside in interface inside
ASA(config)#access-group acl-inside in interface inside
In the previous example the access group called "acl-inside" is removed and reapplied to the inside interface. Between the two commands no access group is applied to that interface, so enter them back to back. Alternatively, you can add an explicit "deny ip any any" line at the bottom of the ACL applied on that interface. For example:
ASA(config)#access-list 100 deny ip any any
In the previous example, an explicit deny for all IP traffic is added at the end of "access-list 100".
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations +------------------------------------------------
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts +----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
The crafted TCP packet DoS vulnerability was discovered and reported to Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon Business.
The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and Jeff Jarmoc from SecureWorks.
The Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities, and welcomes the opportunity to review and assist in product reports.
All other vulnerabilities were found during internal testing and during the resolution of customer service requests.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+------------------------------------------------------------+ | Revision 1.0 | 2009-April-08 | Initial public release. | +------------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
+-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +--------------------------------------------------------------------
Updated: Apr 08, 2009 Document ID: 109974 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc Q8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ =Xi7D -----END PGP SIGNATURE-----
SOLUTION: Update to the fixed versions (please see the vendor advisory for patch information).
PROVIDED AND/OR DISCOVERED BY: 3) The vendor credits Gregory W.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
OTHER REFERENCES: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0284", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", 
"version": "8.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)19" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)15" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)14" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)12" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)5" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)28" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)25" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)24" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)22" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)9" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)30" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)27" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", 
"version": "7.2(4)26" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)82" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)74" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)6" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)1" } ], "sources": [ { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "db": "NVD", "id": "CVE-2009-1159" }, { "db": "CNNVD", "id": "CNNVD-200904-200" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1159" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gregory W. 
MacPherson Jon Ramsey", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-200" } ], "trust": 0.6 }, "cve": "CVE-2009-1159", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-1159", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, 
"confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-38605", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1159", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-200", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-38605", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-38605" }, { "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "db": "NVD", "id": "CVE-2009-1159" }, { "db": "CNNVD", "id": "CNNVD-200904-200" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets. \nRemote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. \nThese issues are documented by the following Cisco Bug IDs:\nCSCsx47543 further documents the issue tracked by CVE-2009-1155. \nCSCsv52239 further documents the issue tracked by CVE-2009-1156. \nCSCsy22484 further documents the issue tracked by CVE-2009-1157. \nCSCsx32675 further documents the issue tracked by CVE-2009-1158. \nCSCsw51809 further documents the issue tracked by CVE-2009-1159. \nCSCsq91277 further documents the issue tracked by CVE-2009-1160. 
This security\nadvisory outlines the details of these vulnerabilities:\n\n * VPN Authentication Bypass when Account Override Feature is Used\n vulnerability\n\n * Crafted HTTP packet denial of service (DoS) vulnerability\n\n * Crafted TCP Packet DoS vulnerability\n\n * Crafted H.323 packet DoS vulnerability\n\n * SQL*Net packet DoS vulnerability\n\n * Access control list (ACL) bypass vulnerability\n\nWorkarounds are available for some of the vulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following is a list of the products affected by each vulnerability\nas described in detail within this advisory. \n\nNote: The Override Account Disabled feature was introduced in Cisco\nASA software version 7.1(1). This feature is\ndisabled by default. Only Cisco ASA software versions 8.0 and 8.1 are\naffected by this vulnerability. H.323 inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1\nare affected by this vulnerability. SQL*Net inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected\nby this vulnerability. Cisco ASA and\nCisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this\nvulnerability. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. 
The following example shows a Cisco ASA Adaptive\nSecurity Appliance that runs software version 8.0(4):\n\n ASA#show version\n\n Cisco Adaptive Security Appliance Software Version 8.0(4)\n Device Manager Version 6.0(1)\n\n \u003coutput truncated\u003e\n\nThe following example shows a Cisco PIX security appliance that runs\nsoftware version 8.0(4):\n\n PIX#show version\n\n Cisco PIX Security Appliance Software Version 8.0(4)\n Device Manager Version 5.2(3)\n\n \u003coutput truncated\u003e\n\nCustomers who use Cisco ASDM to manage their devices can find the\nsoftware version displayed in the table in the login window or in the\nupper left corner of the ASDM window. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers and Cisco VPN 3000 Series\nConcentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. However, the user must provide the correct\ncredentials in order to login to the VPN. \n\nNote: The override account feature was introduced in Cisco ASA software\nversion 7.1(1). \n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode, as shown in the following example. The following\nexample allows overriding the \"account-disabled\" indicator from the AAA\nserver for the WebVPN tunnel group \"testgroup\":\n\n hostname(config)#tunnel-group testgroup type webvpn\n hostname(config)#tunnel-group testgroup general-attributes\n hostname(config-tunnel-general)#override-account-disable\n\nNote: The override account feature is disabled by default. 
\n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nA crafted SSL or HTTP packet may cause a DoS condition on a Cisco\nASA device that is configured to terminate SSL VPN connections. This\nvulnerability can also be triggered on any interface where ASDM access\nis enabled. A successful attack may result in a reload of the device. A\nTCP three-way handshake is not needed to exploit this vulnerability. \n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nA crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX\ndevice. A successful attack may result in a sustained DoS condition. \nA Cisco ASA device configured for any of the following features is\naffected:\n\n * SSL VPNs\n * ASDM Administrative Access\n * Telnet Access\n * SSH Access\n * cTCP for Remote Access VPNs\n * Virtual Telnet\n * Virtual HTTP\n * TLS Proxy for Encrypted Voice Inspection\n * Cut-Through Proxy for Network Access\n * TCP Intercept\n\nNote: This vulnerability may be triggered when crafted packets are sent\nto any TCP based service that terminates on the affected device. The\nvulnerability may also be triggered via transient traffic only if the\nTCP intercept feature has been enabled. A TCP three-way handshake is\nnot needed to exploit this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nA crafted H.323 packet may cause a DoS condition on a Cisco ASA device\nthat is configured with H.323 inspection. H.323 inspection is enabled by\ndefault. A successful attack may result in a reload of the device. A TCP\nthree-way handshake is not needed to exploit this vulnerability. SQL*Net inspection is\nenabled by default. A successful attack may result in a reload of the\ndevice. \n\nThe default port assignment for SQL*Net is TCP port 1521. This is the\nvalue used by Oracle for SQL*Net. 
Please note the \"class-map\" command\ncan be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection\nto a range of different port numbers. A TCP three-way handshake is\nneeded to exploit this vulnerability. The requirement of a TCP three-way\nhandshake significantly reduces the possibility of exploitation using\npackets with spoofed source addresses. \n\nAccess Control List Bypass Vulnerability\n+---------------------------------------\n\nAccess lists have an implicit deny behavior that is applied to packets\nthat have not matched any of the permit or deny ACEs in an ACL and reach\nthe end of the ACL. This implicit deny is there by design, does not\nrequire any configuration and can be understood as an implicit ACE that\ndenies all traffic reaching the end of the ACL. A vulnerability exists\nin the Cisco ASA and Cisco PIX that may allow traffic to bypass the\nimplicit deny ACE. \n\nNote: This behavior only impacts the implicit deny statement on any\nACL applied on the device. Access control lists with explicit deny\nstatements are not affected by this vulnerability. This vulnerability is\nexperienced on very rare occasions and is extremely hard to reproduce. \n\nYou can trace the lifespan of a packet through the security appliance\nto see whether the packet is operating correctly with the packet tracer\ntool. The \"packet-tracer\" command provides detailed information about\nthe packets and how they are processed by the security appliance. If a\ncommand from the configuration did not cause the packet to drop, the\n\"packet-tracer\" command will provide information about the cause in an\neasily readable manner. You can use this feature to see if the implicit\ndeny on an ACL is not taking effect. The following example shows that\nthe implicit deny is bypassed (result = ALLOW):\n\n \u003coutput truncated\u003e\n ... 
\n Phase: 2\n Type: ACCESS-LIST\n Subtype:\n Result: ALLOW\n Config:\n Implicit Rule\n Additional Information:\n Forward Flow based lookup yields rule:\n in id=0x1a09d350, priority=1, domain=permit, deny=false\n hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8\n src mac=0000.0000.0000, mask=0000.0000.0000\n dst mac=0000.0000.0000, mask=0000.0000.0000\n\n \u003coutput truncated\u003e\n\nThis vulnerability is documented in Cisco Bug ID CSCsq91277 and has\nbeen assigned Common Vulnerabilities and Exposures (CVE) identifiers\nCVE-2009-1160. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* AAA account-override-ignore allows VPN session without correct\npassword (CSCsx47543)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 6.8\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash with certain HTTP packets (CSCsv52239)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash after processing certain TCP packets (CSCsy22484)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Crafted H.323 packet may cause ASA to reload (CSCsx32675)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* sqlnet traffic causes traceback with inspection configured\n(CSCsw51809)\n\nCVSS Base Score - 7.8\n 
Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* ACL Misbehavior in Cisco ASA (CSCsq91277)\n\nCVSS Base Score - 4.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Partial\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 3.6\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass when Account\nOverride Feature is Used vulnerability may allow an attacker to\nsuccessfully connect to the Cisco ASA via remote access IPSec or\nSSL-based VPN. Repeated exploitation could result in\na sustained DoS condition. Successful exploitation of the ACL bypass\nvulnerability may allow an attacker to access resources that should be\nprotected by the Cisco ASA. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following table contains the first fixed software release of each\nvulnerability. The \"Recommended Release\" row indicates the releases\nwhich have fixes for all the published vulnerabilities at the time\nof this Advisory. 
A device running a version of the given release in\na specific row (less than the First Fixed Release) is known to be\nvulnerable. Cisco recommends upgrading to a release equal to or later\nthan the release in the \"Recommended Release\" row of the table. \n\n+------------------------------------------------------+\n| | Affected | First | Recommended |\n| Vulnerability | Release | Fixed | Release |\n| | | Version | |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| VPN | | vulnerable | |\n|Authentication |----------+------------+-------------|\n| Bypass when | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Account |----------+------------+-------------|\n| Override | 7.2 | 7.2(4)27 | 7.2(4)30 |\n|Feature is |----------+------------+-------------|\n| Used | 8.0 | 8.0(4)25 | 8.0(4)28 |\n|Vulnerability |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted HTTP | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| Vulnerability | 7.2 | Not | 7.2(4)30 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)25 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)16 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted TCP |----------+------------+-------------|\n| Packet DoS | 7.2 | 7.2(4)30 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)28 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)19 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted H.323 
|----------+------------+-------------|\n| packet DoS | 7.2 | 7.2(4)26 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)24 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)14 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted SQL | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)22 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)12 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)1 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)74 | 7.1(2)82 |\n|Access control |----------+------------+-------------|\n| list (ACL) | 7.2 | 7.2(4)9 | 7.2(4)30 |\n|bypass |----------+------------+-------------|\n| vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | Not | 8.1(2)19 |\n| | | vulnerable | |\n+------------------------------------------------------+\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. \n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode. As a workaround, disable this feature using the \"no\noverride-account-disable\" command. 
\n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nDevices configured for SSL VPN (clientless or client-based) or accepting\nASDM management connections are vulnerable. \n\nNote: IPSec clients are not vulnerable to this vulnerability. \n\nIf SSL VPN (clientless or client-based) is not used, administrators\nshould make sure that ASDM connections are only allowed from trusted\nhosts. \n\nTo identify the IP addresses from which the security appliance\naccepts HTTPS connections for ASDM, configure the \"http\" command for\neach trusted host address or subnet. The following example shows\nhow a trusted host with IP address 192.168.1.100 is added to the\nconfiguration:\n\n hostname(config)# http 192.168.1.100 255.255.255.255\n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nThere are no workarounds for this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nH.323 inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. H.323 inspection\ncan be disabled with the command \"no inspect h323\". \n\nSQL*Net Packet DoS Vulnerability\n+-------------------------------\n\nSQL*Net inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. SQL*Net\ninspection can be disabled with the command \"no inspect sqlnet\". \n\nAccess Control List (ACL) Bypass Vulnerability\n+---------------------------------------------\n\nAs a workaround, remove the \"access-group\" line applied on the interface\nwhere the ACL is configured and re-apply it. For example:\n\n ASA(config)#no access-group acl-inside in interface inside\n ASA(config)#access-group acl-inside in interface inside\n\nIn the previous example the access group called \"acl-inside\" is removed\nand reapplied to the inside interface. 
Alternatively, you can add an\nexplicit \"deny ip any any\" line in the bottom of the ACL applied on that\ninterface. For example:\n\n ASA(config)#access-list 100 deny ip any any\n\nIn the previous example, an explicit deny for all IP traffic is added at\nthe end of \"access-list 100\". \n\nAdditional mitigations that can be deployed on Cisco devices within the\nnetwork are available in the Cisco Applied Mitigation Bulletin companion\ndocument for this advisory, which is available at the following link:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature\nsets they have purchased. By installing, downloading, accessing\nor otherwise using such software upgrades, customers agree to be\nbound by the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. 
\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. \n\nRefer to\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. 
\n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThe crafted TCP packet DoS vulnerability was discovered and reported\nto Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon\nBusiness. \n\nThe ACL bypass vulnerability was reported to Cisco by Jon Ramsey and\nJeff Jarmoc from SecureWorks. \n\nThe Cisco PSIRT greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and welcomes the opportunity to\nreview and assist in product reports. \n\nAll other vulnerabilities were found during internal testing and during\nthe resolution of customer service requests. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. 
\n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0 | 2009-April-08 | Initial public release. |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities\nin Cisco products, obtaining assistance with security\nincidents, and registering to receive security information\nfrom Cisco, is available on Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding\nCisco security notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\nUpdated: Apr 08, 2009 Document ID: 109974\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc\nQ8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ\n=Xi7D\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nSOLUTION:\nUpdate to the fixed versions (please see the vendor advisory for\npatch information). \n\nPROVIDED AND/OR DISCOVERED BY:\n3) The vendor credits Gregory W. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nOTHER REFERENCES:\nhttp://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2009-1159" }, { "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "db": "BID", "id": "34429" }, { "db": "VULHUB", "id": "VHN-38605" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1159", "trust": 2.9 }, { "db": "BID", "id": "34429", "trust": 2.8 }, { "db": "SECUNIA", "id": "34607", "trust": 2.6 }, { "db": "SECTRACK", "id": "1022015", "trust": 2.5 }, { "db": "OSVDB", "id": "53446", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2009-0981", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2009-001196", "trust": 0.8 }, { "db": "CISCO", "id": "20090408 MULTIPLE VULNERABILITIES IN CISCO ASA ADAPTIVE SECURITY APPLIANCE AND CISCO PIX SECURITY APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-200", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-38605", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76440", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76528", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38605" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1159" }, { "db": "CNNVD", "id": "CNNVD-200904-200" } ] }, "id": "VAR-200904-0284", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-38605" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:11:39.510000Z", 
"patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20090408-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001196" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1159" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/34429" }, { "trust": 2.5, "url": "http://osvdb.org/53446" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022015" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34607" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1159" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1159" }, { "trust": 0.4, "url": "http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a99518.html" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/502566" }, { "trust": 0.3, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml#@id" }, { "trust": 0.2, "url": 
"http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1160" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html." }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html," }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1155" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1159" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://www.cisco.com." }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml." 
}, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34607/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38605" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1159" }, { "db": "CNNVD", "id": "CNNVD-200904-200" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-38605" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1159" }, { "db": "CNNVD", "id": "CNNVD-200904-200" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "VULHUB", "id": "VHN-38605" }, { "date": "2009-04-08T00:00:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "date": "2009-04-08T18:42:33", "db": "PACKETSTORM", "id": "76440" }, { "date": "2009-04-09T15:10:51", "db": "PACKETSTORM", "id": "76528" }, { "date": "2009-04-09T15:08:35.780000", "db": "NVD", "id": "CVE-2009-1159" }, { "date": "2009-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-200" } ] }, "sources_update_date": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-28T00:00:00", "db": "VULHUB", "id": "VHN-38605" }, { "date": "2009-04-13T20:06:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001196" }, { "date": "2009-04-28T05:39:14.627000", "db": "NVD", "id": "CVE-2009-1159" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-200" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-200" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX/ASA In SQL*Net Packet service disruption (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001196" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-200" } ], "trust": 0.6 } }
var-200904-0280
Vulnerability from variot
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. These issues are documented by the following Cisco Bug IDs: CSCsx47543 further documents the issue tracked by CVE-2009-1155. CSCsv52239 further documents the issue tracked by CVE-2009-1156. CSCsy22484 further documents the issue tracked by CVE-2009-1157. CSCsx32675 further documents the issue tracked by CVE-2009-1158. CSCsw51809 further documents the issue tracked by CVE-2009-1159. CSCsq91277 further documents the issue tracked by CVE-2009-1160. This security advisory outlines the details of these vulnerabilities:
-
VPN Authentication Bypass when Account Override Feature is Used vulnerability
-
Crafted HTTP packet denial of service (DoS) vulnerability
-
Crafted TCP Packet DoS vulnerability
-
Crafted H.323 packet DoS vulnerability
-
SQL*Net packet DoS vulnerability
-
Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
Affected Products
Vulnerable Products +------------------
The following is a list of the products affected by each vulnerability as described in detail within this advisory.
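Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). This feature is disabled by default. (This copy of the advisory drops the per-vulnerability headings at this point. Going by the fixed-release table and by the feature list repeated under "Crafted TCP Packet DoS Vulnerability" below, the next sentence appears to describe the crafted HTTP packet DoS vulnerability and the one after it the crafted TCP packet DoS vulnerability, not the VPN authentication bypass.) Only Cisco ASA software versions 8.0 and 8.1 are affected by this vulnerability. Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features: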
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
- TCP Intercept
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
Cisco ASA and Cisco PIX security appliances may experience a device reload that can be triggered by a series of crafted H.323 packets, when H.323 inspection is enabled. H.323 inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. (The remaining sentences have lost their headings in this copy; going by the fixed-release table below, the first two appear to belong to the SQL*Net packet DoS vulnerability and the last to the ACL bypass vulnerability.) SQL*Net inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected by this vulnerability. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this vulnerability.
Determination of Software Versions +---------------------------------
The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Adaptive Security Appliance that runs software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
<output truncated>
The following example shows a Cisco PIX security appliance that runs software version 8.0(4):
PIX#show version
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(3)
<output truncated>
Customers who use Cisco ASDM to manage their devices can find the software version displayed in the table in the login window or in the upper left corner of the ASDM window.
Products Confirmed Not Vulnerable +--------------------------------
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers and Cisco VPN 3000 Series Concentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
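This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other. However, the user must provide the correct credentials in order to log in to the VPN. (This last sentence appears to belong to the description of the override account feature covered in the notes that follow; its lead-in is missing from this copy.)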
Note: The override account feature was introduced in Cisco ASA software version 7.1(1).
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":
hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable
Note: The override account feature is disabled by default.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
A crafted SSL or HTTP packet may cause a DoS condition on a Cisco ASA device that is configured to terminate SSL VPN connections. This vulnerability can also be triggered to any interface where ASDM access is enabled. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted TCP Packet DoS Vulnerability +-----------------------------------
A crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX device. A successful attack may result in a sustained DoS condition. A Cisco ASA device configured for any of the following features is affected:
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- cTCP for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- TLS Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
- TCP Intercept
Note: This vulnerability may be triggered when crafted packets are sent to any TCP-based service that terminates on the affected device. The vulnerability may also be triggered via transient traffic only if the TCP intercept feature has been enabled. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
A crafted H.323 packet may cause a DoS condition on a Cisco ASA device that is configured with H.323 inspection. H.323 inspection is enabled by default. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability. A series of SQL*Net packets may cause a denial of service condition on a Cisco ASA and Cisco PIX device that is configured with SQL*Net inspection. SQL*Net inspection is enabled by default. A successful attack may result in a reload of the device.
The default port assignment for SQL*Net is TCP port 1521. This is the value used by Oracle for SQL*Net. Please note the "class-map" command can be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection to a range of different port numbers. A TCP three-way handshake is needed to exploit this vulnerability. The requirement of a TCP three-way handshake significantly reduces the possibility of exploitation using packets with spoofed source addresses.
Access Control List Bypass Vulnerability +---------------------------------------
Access lists have an implicit deny behavior that is applied to packets that have not matched any of the permit or deny ACEs in an ACL and reach the end of the ACL. This implicit deny is there by design, does not require any configuration and can be understood as an implicit ACE that denies all traffic reaching the end of the ACL. A vulnerability exists in the Cisco ASA and Cisco PIX that may allow traffic to bypass the implicit deny ACE.
Note: This behavior only impacts the implicit deny statement on any ACL applied on the device. Access control lists with explicit deny statements are not affected by this vulnerability. This vulnerability is experienced on very rare occasions and is extremely hard to reproduce.
You can trace the lifespan of a packet through the security appliance to see whether the packet is operating correctly with the packet tracer tool. The "packet-tracer" command provides detailed information about the packets and how they are processed by the security appliance. If a command from the configuration did not cause the packet to drop, the "packet-tracer" command will provide information about the cause in an easily readable manner. You can use this feature to see if the implicit deny on an ACL is not taking effect. The following example shows that the implicit deny is bypassed (result = ALLOW):
<output truncated>
...
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x1a09d350, priority=1, domain=permit, deny=false
hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
<output truncated>
This vulnerability is documented in Cisco Bug ID CSCsq91277 and has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-1160.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
- AAA account-override-ignore allows VPN session without correct password (CSCsx47543)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 6.8 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash with certain HTTP packets (CSCsv52239)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash after processing certain TCP packets (CSCsy22484)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Crafted H.323 packet may cause ASA to reload (CSCsx32675)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- sqlnet traffic causes traceback with inspection configured (CSCsw51809)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- ACL Misbehavior in Cisco ASA (CSCsq91277)
CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the VPN Authentication Bypass when Account Override Feature is Used vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. Repeated exploitation of the DoS vulnerabilities described above could result in a sustained DoS condition. Successful exploitation of the ACL bypass vulnerability may allow an attacker to access resources that should be protected by the Cisco ASA.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following table contains the first fixed software release of each vulnerability. The "Recommended Release" row indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" row of the table.
Vulnerability | Affected Release | First Fixed Version | Recommended Release
---|---|---|---
VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.0 | Not vulnerable | 7.0(8)6
VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82
VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.2 | 7.2(4)27 | 7.2(4)30
VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28
VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)19
Crafted HTTP packet DoS Vulnerability | 7.0 | Not vulnerable | 7.0(8)6
Crafted HTTP packet DoS Vulnerability | 7.1 | Not vulnerable | 7.1(2)82
Crafted HTTP packet DoS Vulnerability | 7.2 | Not vulnerable | 7.2(4)30
Crafted HTTP packet DoS Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28
Crafted HTTP packet DoS Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)16
Crafted TCP Packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6
Crafted TCP Packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82
Crafted TCP Packet DoS Vulnerability | 7.2 | 7.2(4)30 | 7.2(4)30
Crafted TCP Packet DoS Vulnerability | 8.0 | 8.0(4)28 | 8.0(4)28
Crafted TCP Packet DoS Vulnerability | 8.1 | 8.1(2)19 | 8.1(2)19
Crafted H.323 packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6
Crafted H.323 packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82
Crafted H.323 packet DoS Vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30
Crafted H.323 packet DoS Vulnerability | 8.0 | 8.0(4)24 | 8.0(4)28
Crafted H.323 packet DoS Vulnerability | 8.1 | 8.1(2)14 | 8.1(2)19
Crafted SQL packet DoS vulnerability | 7.0 | Not vulnerable | 7.0(8)6
Crafted SQL packet DoS vulnerability | 7.1 | Not vulnerable | 7.1(2)82
Crafted SQL packet DoS vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30
Crafted SQL packet DoS vulnerability | 8.0 | 8.0(4)22 | 8.0(4)28
Crafted SQL packet DoS vulnerability | 8.1 | 8.1(2)12 | 8.1(2)19
Access control list (ACL) bypass vulnerability | 7.0 | 7.0(8)1 | 7.0(8)6
Access control list (ACL) bypass vulnerability | 7.1 | 7.1(2)74 | 7.1(2)82
Access control list (ACL) bypass vulnerability | 7.2 | 7.2(4)9 | 7.2(4)30
Access control list (ACL) bypass vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28
Access control list (ACL) bypass vulnerability | 8.1 | Not vulnerable | 8.1(2)19
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT
Workarounds
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.
VPN Authentication Bypass Vulnerability +--------------------------------------
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode. As a workaround, disable this feature using the "no override-account-disable" command.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
Devices configured for SSL VPN (clientless or client-based) or accepting ASDM management connections are vulnerable.
Note: IPSec clients are not vulnerable to this vulnerability.
If SSL VPN (clientless or client-based) is not used, administrators should make sure that ASDM connections are only allowed from trusted hosts.
To identify the IP addresses from which the security appliance accepts HTTPS connections for ASDM, configure the "http" command for each trusted host address or subnet. The following example shows how a trusted host with IP address 192.168.1.100 is added to the configuration:
hostname(config)# http 192.168.1.100 255.255.255.255
Crafted TCP Packet DoS Vulnerability +-----------------------------------
There are no workarounds for this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
H.323 inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. H.323 inspection can be disabled with the command "no inspect h323".
SQL*Net Packet DoS Vulnerability +-------------------------------
SQL*Net inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. SQL*Net inspection can be disabled with the command "no inspect sqlnet".
Access Control List (ACL) Bypass Vulnerability +---------------------------------------------
As a workaround, remove the "access-group" line applied on the interface where the ACL is configured and re-apply it. For example:
ASA(config)#no access-group acl-inside in interface inside
ASA(config)#access-group acl-inside in interface inside
In the previous example the access group called "acl-inside" is removed and reapplied to the inside interface. Alternatively, you can add an explicit "deny ip any any" line in the bottom of the ACL applied on that interface. For example:
ASA(config)#access-list 100 deny ip any any
In the previous example, an explicit deny for all IP traffic is added at the end of "access-list 100".
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations +------------------------------------------------
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts +----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
The crafted TCP packet DoS vulnerability was discovered and reported to Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon Business.
The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and Jeff Jarmoc from SecureWorks.
The Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities, and welcomes the opportunity to review and assist in product reports.
All other vulnerabilities were found during internal testing and during the resolution of customer service requests.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+------------------------------------------------------------+ | Revision 1.0 | 2009-April-08 | Initial public release. | +------------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
+-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +--------------------------------------------------------------------
Updated: Apr 08, 2009 Document ID: 109974 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc Q8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ =Xi7D -----END PGP SIGNATURE-----
SOLUTION: Update to the fixed versions (please see the vendor advisory for patch information).
PROVIDED AND/OR DISCOVERED BY: 3) The vendor credits Gregory W.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
OTHER REFERENCES: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0280", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", 
"trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)19" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)15" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)14" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)12" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)5" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)28" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)25" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)24" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)22" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)9" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": 
"cisco", "version": "7.2(4)30" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)27" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)26" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)82" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)74" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)6" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)1" } ], "sources": [ { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "db": "NVD", "id": "CVE-2009-1155" }, { "db": "CNNVD", "id": "CNNVD-200904-196" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], 
"sources": [ { "db": "NVD", "id": "CVE-2009-1155" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gregory W. MacPherson Jon Ramsey", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-196" } ], "trust": 0.6 }, "cve": "CVE-2009-1155", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.8, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2009-1155", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, 
"userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-38601", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1155", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200904-196", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-38601", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-38601" }, { "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "db": "NVD", "id": "CVE-2009-1155" }, { "db": "CNNVD", "id": "CNNVD-200904-196" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. \nRemote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. \nThese issues are documented by the following Cisco Bug IDs:\nCSCsx47543 further documents the issue tracked by CVE-2009-1155. \nCSCsv52239 further documents the issue tracked by CVE-2009-1156. \nCSCsy22484 further documents the issue tracked by CVE-2009-1157. 
\nCSCsx32675 further documents the issue tracked by CVE-2009-1158. \nCSCsw51809 further documents the issue tracked by CVE-2009-1159. \nCSCsq91277 further documents the issue tracked by CVE-2009-1160. This security\nadvisory outlines the details of these vulnerabilities:\n\n * VPN Authentication Bypass when Account Override Feature is Used\n vulnerability\n\n * Crafted HTTP packet denial of service (DoS) vulnerability\n\n * Crafted TCP Packet DoS vulnerability\n\n * Crafted H.323 packet DoS vulnerability\n\n * SQL*Net packet DoS vulnerability\n\n * Access control list (ACL) bypass vulnerability\n\nWorkarounds are available for some of the vulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following is a list of the products affected by each vulnerability\nas described in detail within this advisory. \n\nNote: The Override Account Disabled feature was introduced in Cisco\nASA software version 7.1(1). This feature is\ndisabled by default. Only Cisco ASA software versions 8.0 and 8.1 are\naffected by this vulnerability. Cisco ASA and\nCisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and\n8.1 are affected when configured for any of the following features:\n\n * SSL VPNs\n * ASDM Administrative Access\n * Telnet Access\n * SSH Access\n * Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs\n * Virtual Telnet\n * Virtual HTTP\n * Transport Layer Security (TLS) Proxy for Encrypted Voice\n Inspection\n * Cut-Through Proxy for Network Access\n * TCP Intercept\n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nCisco ASA and Cisco PIX security appliances may experience a device\nreload that can be triggered by a series of crafted H.323 packets, when\nH.323 inspection is enabled. H.323 inspection is enabled by default. 
\nCisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1\nare affected by this vulnerability. SQL*Net inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected\nby this vulnerability. Cisco ASA and\nCisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this\nvulnerability. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. The following example shows a Cisco ASA Adaptive\nSecurity Appliance that runs software version 8.0(4):\n\n ASA#show version\n\n Cisco Adaptive Security Appliance Software Version 8.0(4)\n Device Manager Version 6.0(1)\n\n \u003coutput truncated\u003e\n\nThe following example shows a Cisco PIX security appliance that runs\nsoftware version 8.0(4):\n\n PIX#show version\n\n Cisco PIX Security Appliance Software Version 8.0(4)\n Device Manager Version 5.2(3)\n\n \u003coutput truncated\u003e\n\nCustomers who use Cisco ASDM to manage their devices can find the\nsoftware version displayed in the table in the login window or in the\nupper left corner of the ASDM window. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers and Cisco VPN 3000 Series\nConcentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. However, the user must provide the correct\ncredentials in order to login to the VPN. \n\nNote: The override account feature was introduced in Cisco ASA software\nversion 7.1(1). 
\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode, as shown in the following example. The following\nexample allows overriding the \"account-disabled\" indicator from the AAA\nserver for the WebVPN tunnel group \"testgroup\":\n\n hostname(config)#tunnel-group testgroup type webvpn\n hostname(config)#tunnel-group testgroup general-attributes\n hostname(config-tunnel-general)#override-account-disable\n\nNote: The override account feature is disabled by default. \n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nA crafted SSL or HTTP packet may cause a DoS condition on a Cisco\nASA device that is configured to terminate SSL VPN connections. This\nvulnerability can also be triggered to any interface where ASDM access\nis enabled. A successful attack may result in a reload of the device. A\nTCP three-way handshake is not needed to exploit this vulnerability. \n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nA crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX\ndevice. A successful attack may result in a sustained DoS condition. \nA Cisco ASA device configured for any of the following features is\naffected:\n\n * SSL VPNs\n * ASDM Administrative Access\n * Telnet Access\n * SSH Access\n * cTCP for Remote Access VPNs\n * Virtual Telnet\n * Virtual HTTP\n * TLS Proxy for Encrypted Voice Inspection\n * Cut-Through Proxy for Network Access\n * TCP Intercept\n\nNote: This vulnerability may be triggered when crafted packets are sent\nto any TCP based service that terminates on the affected device. The\nvulnerability may also be triggered via transient traffic only if the\nTCP intercept features has been enabled. A TCP three-way handshake is\nnot needed to exploit this vulnerability. 
\n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nA crafted H.323 packet may cause a DoS condition on a Cisco ASA device\nthat is configured with H.323 inspection. H.323 inspection is enabled by\ndefault. A successful attack may result in a reload of the device. A TCP\nthree-way handshake is not needed to exploit this vulnerability. A series of SQL*Net packets\nmay cause a denial of service condition on a Cisco ASA and Cisco PIX\ndevice that is configured with SQL*Net inspection. SQL*Net inspection is\nenabled by default. A successful attack may result in a reload of the\ndevice. \n\nThe default port assignment for SQL*Net is TCP port 1521. This is the\nvalue used by Oracle for SQL*Net. Please note the \"class-map\" command\ncan be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection\nto a range of different port numbers. A TCP three-way handshake is\nneeded to exploit this vulnerability. The requirement of a TCP three way\nhandshake significantly reduces the possibility of exploitation using\npackets with spoofed source addresses. \n\nAccess Control List Bypass Vulnerability\n+---------------------------------------\n\nAccess lists have an implicit deny behavior that is applied to packets\nthat have not matched any of the permit or deny ACEs in an ACL and reach\nthe end of the ACL. This implicit deny is there by design, does not\nrequire any configuration and can be understood as an implicit ACE that\ndenies all traffic reaching the end of the ACL. A vulnerability exists\nin the Cisco ASA and Cisco PIX that may allow traffic to bypass the\nimplicit deny ACE. \n\nNote: This behavior only impacts the implicit deny statement on any\nACL applied on the device. Access control lists with explicit deny\nstatements are not affected by this vulnerability. This vulnerability is\nexperienced in very rare occasions and extremely hard to reproduce. 
\n\nYou can trace the lifespan of a packet through the security appliance\nto see whether the packet is operating correctly with the packet tracer\ntool. The \"packet-tracer\" command provides detailed information about\nthe packets and how they are processed by the security appliance. If a\ncommand from the configuration did not cause the packet to drop, the\n\"packet-tracer\" command will provide information about the cause in an\neasily readable manner. You can use this feature to see if the implicit\ndeny on an ACL is not taking effect. The following example shows that\nthe implicit deny is bypassed (result = ALLOW):\n\n \u003coutput truncated\u003e\n ... \n Phase: 2\n Type: ACCESS-LIST\n Subtype:\n Result: ALLOW\n Config:\n Implicit Rule\n Additional Information:\n Forward Flow based lookup yields rule:\n in id=0x1a09d350, priority=1, domain=permit, deny=false\n hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8\n src mac=0000.0000.0000, mask=0000.0000.0000\n dst mac=0000.0000.0000, mask=0000.0000.0000\n\n \u003coutput truncated\u003e\n\nThis vulnerability is documented in Cisco Bug ID CSCsq91277 and has\nbeen assigned Common Vulnerabilities and Exposures (CVE) identifiers\nCVE-2009-1160. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* AAA account-override-ignore allows VPN session without correct\npassword (CSCsx47543)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 6.8\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash with certain HTTP packets (CSCsv52239)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash after processing certain TCP packets (CSCsy22484)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Crafted H.323 packet may cause ASA to reload (CSCsx32675)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* sqlnet traffic causes traceback with inspection configured\n(CSCsw51809)\n\nCVSS Base Score - 7.8\n 
Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* ACL Misbehavior in Cisco ASA (CSCsq91277)\n\nCVSS Base Score - 4.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Partial\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 3.6\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass when Account\nOverride Feature is Used vulnerability may allow an attacker to\nsuccessfully connect to the Cisco ASA via remote access IPSec or\nSSL-based VPN. Repeated exploitation could result in\na sustained DoS condition. Successful exploitation of the ACL bypass\nvulnerability may allow an attacker to access resources that should be\nprotected by the Cisco ASA. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following table contains the first fixed software release of each\nvulnerability. The \"Recommended Release\" row indicates the releases\nwhich have fixes for all the published vulnerabilities at the time\nof this Advisory. 
A device running a version of the given release in\na specific row (less than the First Fixed Release) is known to be\nvulnerable. Cisco recommends upgrading to a release equal to or later\nthan the release in the \"Recommended Release\" row of the table. \n\n+------------------------------------------------------+\n| | Affected | First | Recommended |\n| Vulnerability | Release | Fixed | Release |\n| | | Version | |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| VPN | | vulnerable | |\n|Authentication |----------+------------+-------------|\n| Bypass when | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Account |----------+------------+-------------|\n| Override | 7.2 | 7.2(4)27 | 7.2(4)30 |\n|Feature is |----------+------------+-------------|\n| Used | 8.0 | 8.0(4)25 | 8.0(4)28 |\n|Vulnerability |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted HTTP | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| Vulnerability | 7.2 | Not | 7.2(4)30 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)25 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)16 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted TCP |----------+------------+-------------|\n| Packet DoS | 7.2 | 7.2(4)30 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)28 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)19 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted H.323 
|----------+------------+-------------|\n| packet DoS | 7.2 | 7.2(4)26 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)24 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)14 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted SQL | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)22 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)12 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)1 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)74 | 7.1(2)82 |\n|Access control |----------+------------+-------------|\n| list (ACL) | 7.2 | 7.2(4)9 | 7.2(4)30 |\n|bypass |----------+------------+-------------|\n| vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | Not | 8.1(2)19 |\n| | | vulnerable | |\n+------------------------------------------------------+\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. \n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode. As a workaround, disable this feature using the \"no\noverride-account-disable\" command. 
\n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nDevices configured for SSL VPN (clientless or client-based) or accepting\nASDM management connections are vulnerable. \n\nNote: IPSec clients are not vulnerable to this vulnerability. \n\nIf SSL VPN (clientless or client-based) is not used, administrators\nshould make sure that ASDM connections are only allowed from trusted\nhosts. \n\nTo identify the IP addresses from which the security appliance\naccepts HTTPS connections for ASDM, configure the \"http\" command for\neach trusted host address or subnet. The following example, shows\nhow a trusted host with IP address 192.168.1.100 is added to the\nconfiguration:\n\n hostname(config)# http 192.168.1.100 255.255.255.255\n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nThere are no workarounds for this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nH.323 inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. H.323 inspection\ncan be disabled with the command \"no inspect h323\". \n\nSQL*Net Packet DoS Vulnerability\n+-------------------------------\n\nSQL*Net inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. SQL*Net\ninspection can be disabled with the command \"no inspect sqlnet\". \n\nAccess Control List (ACL) Bypass Vulnerability\n+---------------------------------------------\n\nAs a workaround, remove the \"access-group\" line applied on the interface\nwhere the ACL is configured and re-apply it. For example:\n\n ASA(config)#no access-group acl-inside in interface inside\n ASA(config)#access-group acl-inside in interface inside\n\nIn the previous example the access group called \"acl-inside\" is removed\nand reapplied to the inside interface. 
Alternatively, you can add an\nexplicit \"deny ip any any\" line in the bottom of the ACL applied on that\ninterface. For example:\n\n ASA(config)#access-list 100 deny ip any any\n\nIn the previous example, an explicit deny for all IP traffic is added at\nthe end of \"access-list 100\". \n\nAdditional mitigations that can be deployed on Cisco devices within the\nnetwork are available in the Cisco Applied Mitigation Bulletin companion\ndocument for this advisory, which is available at the following link:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature\nsets they have purchased. By installing, downloading, accessing\nor otherwise using such software upgrades, customers agree to be\nbound by the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. 
\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. \n\nRefer to\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. 
\n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThe crafted TCP packet DoS vulnerability was discovered and reported\nto Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon\nBusiness. \n\nThe ACL bypass vulnerability was reported to Cisco by Jon Ramsey and\nJeff Jarmoc from SecureWorks. \n\nThe Cisco PSIRT greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and welcomes the opportunity to\nreview and assist in product reports. \n\nAll other vulnerabilities were found during internal testing and during\nthe resolution of customer service requests. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. 
\n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0 | 2009-April-08 | Initial public release. |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities\nin Cisco products, obtaining assistance with security\nincidents, and registering to receive security information\nfrom Cisco, is available on Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding\nCisco security notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\nUpdated: Apr 08, 2009 Document ID: 109974\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc\nQ8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ\n=Xi7D\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nSOLUTION:\nUpdate to the fixed versions (please see the vendor advisory for\npatch information). \n\nPROVIDED AND/OR DISCOVERED BY:\n3) The vendor credits Gregory W. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nOTHER REFERENCES:\nhttp://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2009-1155" }, { "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "db": "BID", "id": "34429" }, { "db": "VULHUB", "id": "VHN-38601" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" } ], "trust": 2.16 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-38601", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38601" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1155", "trust": 2.9 }, { "db": "BID", "id": "34429", "trust": 2.8 }, { "db": "SECUNIA", "id": "34607", "trust": 2.6 }, { "db": "OSVDB", "id": "53441", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022016", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2009-0981", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2009-001192", "trust": 0.8 }, { "db": "CISCO", "id": "20090408 MULTIPLE VULNERABILITIES IN CISCO ASA ADAPTIVE SECURITY APPLIANCE AND CISCO PIX SECURITY APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-196", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "76440", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-38601", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76528", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38601" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": 
"CVE-2009-1155" }, { "db": "CNNVD", "id": "CNNVD-200904-196" } ] }, "id": "VAR-200904-0280", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-38601" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:11:39.433000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20090408-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001192" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38601" }, { "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "db": "NVD", "id": "CVE-2009-1155" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/34429" }, { "trust": 2.5, "url": "http://osvdb.org/53441" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022016" }, { "trust": 2.5, "url": "http://secunia.com/advisories/34607" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "trust": 1.7, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1155" }, { 
"trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1155" }, { "trust": 0.4, "url": "http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a99518.html" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/502566" }, { "trust": 0.3, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml#@id" }, { "trust": 0.2, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1160" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html." }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html," }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1155" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1159" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://www.cisco.com." 
}, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml." }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34607/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38601" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1155" }, { "db": "CNNVD", "id": "CNNVD-200904-196" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-38601" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "NVD", "id": "CVE-2009-1155" }, { "db": "CNNVD", "id": "CNNVD-200904-196" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "VULHUB", "id": "VHN-38601" }, { "date": "2009-04-08T00:00:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "date": "2009-04-08T18:42:33", "db": "PACKETSTORM", "id": "76440" }, { "date": "2009-04-09T15:10:51", "db": "PACKETSTORM", "id": "76528" }, { "date": "2009-04-09T15:08:35.703000", "db": "NVD", "id": "CVE-2009-1155" }, { "date": 
"2009-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-196" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-28T00:00:00", "db": "VULHUB", "id": "VHN-38601" }, { "date": "2009-04-13T20:06:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001192" }, { "date": "2009-04-28T05:39:14.170000", "db": "NVD", "id": "CVE-2009-1155" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-196" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-196" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX/ASA Vulnerabilities that bypass authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001192" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-196" } ], "trust": 0.6 } }
var-200705-0566
Vulnerability from variot
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco, there is no impact when LDAP authentication is configured to use PAP (Password Authentication Protocol). A third party can bypass LDAP authentication and gain unauthorized access to the appliance and internal resources. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. Access to the management session must be explicitly enabled in the device configuration and restricted to defined IP addresses only. This vulnerability is documented as Cisco Bug ID CSCsh42793.
2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS.
Successful exploitation requires that the tunnel group is configured with password expiry. In order to exploit this in IPSec VPN connections, an attacker also needs to know the group name and group password.
3) A race condition within the processing of non-standard SSL sessions in the SSL VPN server of Cisco ASA appliances can be exploited to cause the device to reload.
Successful exploitation requires that clientless SSL is used.
4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device.
Successful exploitation requires that devices are configured to use the DHCP relay agent.
SOLUTION: Apply updated software versions. Please see vendor advisories for details.
PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml
http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html
US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057
OTHER REFERENCES: US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0566", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 3.2, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": 
"adaptive security appliance software", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix", "scope": "lte", "trust": 1.0, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.7)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.16)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.15)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.14)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.10)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.48)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.5)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.8)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.19)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.17)" }, { "model": "pix/asa", "scope": "ne", 
"trust": 0.3, "vendor": "cisco", "version": "7.1.(2.49)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "db": "NVD", "id": "CVE-2007-2462" }, { "db": "CNNVD", "id": "CNNVD-200705-034" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.2.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2462" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Security bulletin", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-034" } ], "trust": 0.6 }, "cve": "CVE-2007-2462", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2007-2462", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-25824", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-2462", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#337508", "trust": 0.8, "value": "0.70" }, { "author": "CARNEGIE MELLON", "id": "VU#210876", "trust": 0.8, "value": "2.43" }, { 
"author": "CARNEGIE MELLON", "id": "VU#530057", "trust": 0.8, "value": "0.64" }, { "author": "CNNVD", "id": "CNNVD-200705-034", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-25824", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2007-2462", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25824" }, { "db": "VULMON", "id": "CVE-2007-2462" }, { "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "db": "NVD", "id": "CVE-2007-2462" }, { "db": "CNNVD", "id": "CNNVD-200705-034" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. According to Cisco Systems information LDAP With authentication PAP (Password Authentication Protocol) There is no effect if is set to use.To a third party LDAP Authentication can be bypassed and unauthorized access to the appliance and internal resources can occur. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. 
Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. Access to the management session must be explicitly enabled in the device configuration and restricted to defined IP addresses only. This vulnerability is documented in Cisco Bug ID as CSCsh42793. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n2) An unspecified error when using VPN connections configured with\npassword expiry can be exploited to cause a DoS. \n\nSuccessful exploitation requires that the tunnel group is configured\nwith password expiry. In order to exploit this in IPSec VPN\nconnections, an attacker also needs to know the group name and group\npassword. \n\n3) A race condition within the processing of non-standard SSL\nsessions in the SSL VPN server of Cisco ASA appliances can be\nexploited to cause the device to reload. \n\nSuccessful exploitation requires that clientless SSL is used. \n\n4) An error within the DHCP relay agent when handling DHCPACK\nmessages can be exploited to cause a DoS due to memory exhaustion by\nsending a large number of DHCP requests to a vulnerable device. \n\nSuccessful exploitation requires that devices are configured to use\nthe DHCP relay agent. \n\nSOLUTION:\nApply updated software versions. Please see vendor advisories for\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Reported by the vendor. \n4) Lisa Sittler and Grant Deffenbaugh, CERT/CC. 
\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml\n\nhttp://www.cisco.com/en/US/products/products_security_response09186a0080833172.html\nhttp://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html\n\nUS-CERT VU#530057:\nhttp://www.kb.cert.org/vuls/id/530057\n\nOTHER REFERENCES:\nUS-CERT VU#210876:\nhttp://www.kb.cert.org/vuls/id/210876\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-2462" }, { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "db": "BID", "id": "23768" }, { "db": "VULHUB", "id": "VHN-25824" }, { "db": "VULMON", "id": "CVE-2007-2462" }, { "db": "PACKETSTORM", "id": "56436" } ], "trust": 4.32 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#210876", "trust": 3.8 }, { "db": "BID", "id": "23768", "trust": 2.9 }, { "db": "NVD", "id": "CVE-2007-2462", "trust": 2.9 }, { "db": "SECUNIA", "id": "25109", "trust": 2.8 }, { "db": "OSVDB", "id": "35331", "trust": 2.6 }, { "db": "SECTRACK", "id": "1017994", "trust": 2.5 }, { "db": "SECTRACK", "id": "1017995", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2007-1636", "trust": 1.7 }, { "db": "XF", "id": "34020", "trust": 1.4 }, { "db": "CERT/CC", "id": "VU#337508", "trust": 1.1 }, { "db": "CERT/CC", "id": "VU#530057", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2007-000335", "trust": 0.8 }, { "db": "CISCO", "id": "20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200705-034", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-25824", "trust": 0.1 }, { "db": "VUPEN", "id": "2007/1636", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2007-2462", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "56436", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", 
"id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25824" }, { "db": "VULMON", "id": "CVE-2007-2462" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2462" }, { "db": "CNNVD", "id": "CNNVD-200705-034" } ] }, "id": "VAR-200705-0566", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-25824" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T13:35:24.146000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20070502-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-000335" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2462" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.kb.cert.org/vuls/id/210876" }, { "trust": 2.6, "url": "http://www.osvdb.org/35331" }, { "trust": 2.6, "url": "http://www.securityfocus.com/bid/23768" }, { "trust": 2.6, "url": "http://www.securitytracker.com/id?1017994" }, { "trust": 2.6, "url": "http://www.securitytracker.com/id?1017995" }, { 
"trust": 2.4, "url": "http://www.cisco.com/en/us/products/ps6120/index.html" }, { "trust": 2.4, "url": "http://en.wikipedia.org/wiki/intrusion-prevention_system" }, { "trust": 2.0, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml" }, { "trust": 1.8, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml" }, { "trust": 1.8, "url": "http://secunia.com/advisories/25109" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/1636" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/34020" }, { "trust": 1.2, "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "trust": 1.2, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020" }, { "trust": 0.9, "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml" }, { "trust": 0.9, "url": "http://secunia.com/advisories/25109/" }, { "trust": 0.8, "url": "http://www.cisco.com/warp/public/110/webvpnasa.pdf" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details" }, { "trust": 0.8, "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248" }, { "trust": 0.8, "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277" }, { "trust": 0.8, "url": "http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2462" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2462" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/467385" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/337508" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/530057" }, { "trust": 0.1, "url": "http://secunia.com/network_software_inspector/" }, { "trust": 0.1, "url": "http://secunia.com/product/6102/" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html" }, { "trust": 0.1, "url": "http://secunia.com/product/6115/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25824" }, { "db": "VULMON", "id": "CVE-2007-2462" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2462" }, { "db": "CNNVD", "id": "CNNVD-200705-034" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#337508" }, { "db": "CERT/CC", "id": "VU#210876" }, { "db": "CERT/CC", "id": "VU#530057" }, { "db": "VULHUB", "id": "VHN-25824" }, { "db": "VULMON", "id": "CVE-2007-2462" }, { "db": "BID", "id": "23768" }, { "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "db": "PACKETSTORM", "id": "56436" }, { "db": "NVD", "id": "CVE-2007-2462" }, { "db": "CNNVD", "id": "CNNVD-200705-034" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-03T00:00:00", "db": "CERT/CC", "id": "VU#337508" }, { "date": "2007-05-02T00:00:00", "db": 
"CERT/CC", "id": "VU#210876" }, { "date": "2007-05-02T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2007-05-02T00:00:00", "db": "VULHUB", "id": "VHN-25824" }, { "date": "2007-05-02T00:00:00", "db": "VULMON", "id": "CVE-2007-2462" }, { "date": "2007-05-02T00:00:00", "db": "BID", "id": "23768" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "date": "2007-05-04T05:48:13", "db": "PACKETSTORM", "id": "56436" }, { "date": "2007-05-02T22:19:00", "db": "NVD", "id": "CVE-2007-2462" }, { "date": "2007-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-034" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-05-04T00:00:00", "db": "CERT/CC", "id": "VU#337508" }, { "date": "2007-06-15T00:00:00", "db": "CERT/CC", "id": "VU#210876" }, { "date": "2007-05-03T00:00:00", "db": "CERT/CC", "id": "VU#530057" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-25824" }, { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2007-2462" }, { "date": "2016-07-06T14:39:00", "db": "BID", "id": "23768" }, { "date": "2007-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-000335" }, { "date": "2023-08-11T19:02:04.560000", "db": "NVD", "id": "CVE-2007-2462" }, { "date": "2007-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-200705-034" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-034" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco ASA clientless SSL VPN denial of service vulnerability", "sources": [ { "db": "CERT/CC", "id": 
"VU#337508" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200705-034" } ], "trust": 0.6 } }
var-200809-0316
Vulnerability from variot
Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. This problem is tracked as Bug ID CSCso69942. A third party may be able to disrupt service operation (DoS). Cisco PIX and ASA are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability. An attacker can exploit these issues to obtain sensitive information or cause the affected devices to reload. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. This security advisory outlines details of the following vulnerabilities:
- Erroneous SIP Processing Vulnerabilities
- IPSec Client Authentication Processing Vulnerability
- SSL VPN Memory Leak Vulnerability
- URI Processing Error Vulnerability in SSL VPNs
- Potential Information Disclosure in Clientless VPNs
Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml
Affected Products
The following paragraphs describe the affected Cisco ASA and Cisco PIX software versions:
Vulnerable Products
The following sections provide details on the versions of Cisco ASA that are affected by each vulnerability.
The show version command-line interface (CLI) command can be used to determine if a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA device that runs software release 8.0(2):
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(1)
[...]
Customers who use the Cisco Adaptive Security Device Manager (ASDM) to manage their devices can find their software version displayed in a table in the login window or in the upper left corner of the ASDM window.
Erroneous SIP Processing Vulnerabilities
Cisco PIX and Cisco ASA devices configured for SIP inspection are vulnerable to multiple processing errors that may result in denial of service attacks.
Potential Information Disclosure in Clientless VPNs
Cisco ASA devices that terminate clientless remote access VPN connections are vulnerable to potential information disclosure if the device is running affected 8.0 or 8.1 software versions.
Products Confirmed Not Vulnerable
The Cisco Firewall Services Module (FWSM) is not affected by any of these vulnerabilities. Cisco PIX security appliances running software versions 6.x are not vulnerable. IOS, IOS XR, and Cisco Unified Border Elements (CUBE) are not vulnerable to these issues. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
The following sections provide details to help determine if a device may be affected by any of the vulnerabilities.
Erroneous SIP Processing Vulnerabilities
Cisco PIX and Cisco ASA devices configured for SIP inspection are vulnerable to multiple processing errors that may result in denial of service attacks. A successful attack may result in a reload of the device.
SIP inspection is enabled with the inspect sip command.
To determine whether the Cisco PIX or Cisco ASA security appliance is configured to support inspection of sip packets, log in to the device and issue the CLI command show service-policy | include sip. If the output contains the text Inspect: sip and some statistics, then the device has a vulnerable configuration. The following example shows a vulnerable Cisco ASA Security Appliance:
asa#show service-policy | include sip
Inspect: sip, packet 0, drop 0, reset-drop 0
asa#
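These vulnerabilities are documented in the following Cisco Bug IDs and have been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2732: CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315 (the SIP bug IDs listed under Vulnerability Scoring Details). Devices that run software versions 7.0 or 7.1 are not affected by the IPSec Client Authentication Processing Vulnerability described next; that statement does not cover the SIP bugs, for which the first-fixed-release list under Software Versions and Fixes gives fixed releases in the 7.0 and 7.1 trains.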
A successful attack may result in a reload of the device.
Remote access VPN connections will have Internet Security Association and Key Management Protocol (ISAKMP) enabled on an interface with the crypto command, such as: crypto isakmp enable outside.
This vulnerability is documented in Cisco Bug ID CSCso69942 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2733. A successful attack may result in a reload of the device.
Cisco ASA devices that run versions 7.2, 8.0, or 8.1 with clientless SSL VPNs enabled may be affected by this vulnerability. Devices that run software versions 7.0 and 7.1 are not affected by this vulnerability.
Clientless VPN, SSL VPN Client, and AnyConnect connections are enabled via the webvpn command. For example, the following configuration shows a Cisco ASA with Clientless VPNs configured and enabled. In this case the ASA will listen for VPN connections on the default port, TCP port 443:
http server enable
!
webvpn
enable outside
Note that with this particular configuration, the device is vulnerable to attacks coming from the outside interface due to the enable outside command within the webvpn group configuration.
These vulnerabilities are documented in Cisco Bug ID CSCso66472 and CSCsq19369. They have been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2008-2734 and CVE-2008-2735.
Potential Information Disclosure in Clientless VPNs
On Cisco ASA devices configured to terminate clientless VPN connections, an attacker may be able to discover potentially sensitive information such as usernames and passwords. This attack requires an attacker to convince a user to visit a rogue web server, reply to an e-mail, or interact with a service to successfully exploit the vulnerability.
Cisco ASA devices running software versions 8.0 or 8.1 with clientless VPNs enabled may be affected by this vulnerability.
Clientless SSL VPN connections are enabled via the webvpn command. For example, the following configuration shows a Cisco ASA device with Clientless VPNs configured and enabled. In this case the Cisco ASA device will listen for VPN connections on the default port, TCP port 443:
http server enable
!
webvpn
enable outside
Note that with this particular configuration, the device is vulnerable to attacks coming from the outside interface due to the enable outside command within the webvpn group configuration.
This vulnerability is documented in Cisco Bug ID CSCsq45636 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2736.
Vulnerability Scoring Details
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is calculated in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
Erroneous SIP Processing Vulnerabilities
CSCsq07867 - Memory corruption with traceback in SIP inspection code
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
CSCsq57091 - Memory corruption and traceback when inspecting malformed SIP packets
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
CSCsk60581 - Device reload possible when SIP inspection is enabled
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
CSCsq39315 - Traceback when processing malformed SIP requests
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
IPSec Client Authentication Processing Vulnerability
CSCso69942 - Traceback in Remote Access Authentication Code
CVSS Base Score - 6.8 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 5.6 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
SSL VPN Memory Leak Vulnerability
CSCso66472 - Crypto memory leak causing Clientless SSL VPNs to hang
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
URI Processing Error Vulnerability in SSL VPNs
CSCsq19369 - URI Processing Error in Clientless SSL VPN connections
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
Potential Information Disclosure in Clientless VPNs
CSCsq45636 - Potential Information Disclosure in Clientless SSL VPNs
CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official Fix Report Confidence - Confirmed
Impact
Successful exploitation of the Erroneous SIP Processing Vulnerabilities, IPSec Client Authentication Processing Vulnerability, SSL VPN Memory Leak Vulnerability, or URI Processing Error Vulnerability in SSL VPNs may result in the device reloading. This can be repeatedly exploited and may lead to a denial of service attack.
The Potential Information Disclosure in Clientless SSL VPNs vulnerability may allow an attacker to obtain user and group credentials if the user interacts with a rogue system or document.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following list contains the first fixed software release of each vulnerability:
| Vulnerability | Bug ID | Affected Release | First Fixed Release |
|---|---|---|---|
| Memory corruption with traceback in SIP inspection code | CSCsq07867 | 7.0 | 7.0(7)15 |
| | | 7.1 | 7.1(2)70 |
| | | 7.2 | Not vulnerable |
| | | 8.0 | Not vulnerable |
| | | 8.1 | Not vulnerable |
| Memory corruption and traceback when inspecting malformed SIP packets | CSCsq57091 | 7.0 | Not vulnerable |
| | | 7.1 | Not vulnerable |
| | | 7.2 | 7.2(4)7 |
| | | 8.0 | 8.0(3)20 |
| | | 8.1 | 8.1(1)8 |
| Device reload possible when SIP inspection is enabled | CSCsk60581 | 7.0 | Not vulnerable |
| | | 7.1 | Not vulnerable |
| | | 7.2 | 7.2(3)18 |
| | | 8.0 | 8.0(3)8 |
| | | 8.1 | Not vulnerable |
| Traceback when processing malformed SIP requests | CSCsq39315 | 7.0 | 7.0(7)16 |
| | | 7.1 | 7.1(2)71 |
| | | 7.2 | Not vulnerable |
| | | 8.0 | Not vulnerable |
| | | 8.1 | Not vulnerable |
| Traceback in Remote Access Authentication Code | CSCso69942 | 7.0 | Not vulnerable |
| | | 7.1 | Not vulnerable |
| | | 7.2 | 7.2(4)2 |
| | | 8.0 | 8.0(3)14 |
| | | 8.1 | 8.1(1)4 |
| Crypto memory leak causing Clientless SSL VPNs to hang | CSCso66472 | 7.0 | Not vulnerable |
| | | 7.1 | Not vulnerable |
| | | 7.2 | 7.2(4)2 |
| | | 8.0 | 8.0(3)14 |
| | | 8.1 | 8.1(1)4 |
| HTTP Processing Error in Clientless SSL VPN connections | CSCsq19369 | 7.0 | Not vulnerable |
| | | 7.1 | Not vulnerable |
| | | 7.2 | Not vulnerable |
| | | 8.0 | 8.0(3)15 |
| | | 8.1 | 8.1(1)5 |
| Potential Information Disclosure in Clientless SSL VPNs | CSCsq45636 | 7.0 | Not vulnerable |
| | | 7.1 | Not vulnerable |
| | | 7.2 | Not vulnerable |
| | | 8.0 | 8.0(3)16 |
| | | 8.1 | 8.1(1)6 |
| Recommended Release | | 7.0 | 7.0(7)16 |
| | | 7.1 | 7.1(2)72 |
| | | 7.2 | 7.2(4)9 |
| | | 8.0 | 8.0(4) |
| | | 8.1 | 8.1(1)8 |
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2
Workarounds
The following workarounds may help some customers mitigate these vulnerabilities.
Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory:
http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml
Erroneous SIP Processing Vulnerabilities
SIP inspection should be disabled if it is not needed; temporarily disabling the feature will mitigate the SIP processing vulnerabilities. SIP inspection can be disabled with the command no inspect sip.
IPSec Authentication Processing Vulnerability
Use strong group credentials for remote access VPN connections and do not give out the group credentials to end users.
SSL VPN Memory Leak Vulnerability and URI Processing Error Vulnerability in SSL VPNs
IPSec clients are not vulnerable to this issue and may be used in conjunction with strong group credentials until the device can be upgraded.
Potential Information Disclosure in Clientless SSL VPNs
Client based VPN connections are not vulnerable to the information disclosure vulnerability. If you are running 8.0(3)15, 8.0(3)16, 8.1(1)4, or 8.1(1)5, you may safely use client based VPN connections as an alternative to clientless VPNs.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
These vulnerabilities were reported to Cisco by customers that experienced these issues during normal operation of their equipment and through internal testing efforts.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2008-Sept-03 | Initial public release. |
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE-----
iD8DBQFIvsPo86n/Gc8U/uARAmOIAKCcTL2O+3w2mEm0GTe2mcnb0NZ5uQCdG9aV ldazcXFRcGmkm4g38B67ezM= =t2NV -----END PGP SIGNATURE----- .
Successful exploitation requires valid user credentials.
Successful exploitation requires that a user is tricked into, e.g., visiting a malicious web server or replying to an email.
SOLUTION: Update to fixed versions (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0316", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": 
"adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(3)006" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)15" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.5)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.4" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)7" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(2)17" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.15)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)9" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)10" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.27)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.17)" }, { 
"model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.16)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.24)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.14)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(1.22)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(3)2" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(7)16" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)4" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)2" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)14" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.7)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.8)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(2)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.0(3)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.49)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)70" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)71" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2.(2.19)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0.4.3" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2.55)" }, { 
"model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.2(2.10)" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1.(2.48)" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)2" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0.4" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(1)5" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0" } ], "sources": [ { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "db": "NVD", "id": "CVE-2008-2733" }, { "db": "CNNVD", "id": "CNNVD-200809-051" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-2733" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-051" } ], "trust": 0.6 }, "cve": "CVE-2008-2733", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2008-2733", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-32858", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-2733", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200809-051", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-32858", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-32858" }, { "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "db": "NVD", "id": "CVE-2008-2733" }, { "db": "CNNVD", "id": "CNNVD-200809-051" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942. The issue is tracked as Bug ID CSCso69942. A third party may be able to disrupt service operation (DoS). Cisco PIX and ASA are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability. \nAn attacker can exploit these issues to obtain sensitive information or cause the affected devices to reload. PIX is a firewall device that provides policy enforcement, multi-vector attack protection and secure connection services for users and applications; Adaptive Security Appliance (ASA) is a modular platform that provides security and VPN services. 
\nThis security advisory outlines details of the following\nvulnerabilities:\n\n * Erroneous SIP Processing Vulnerabilities\n * IPSec Client Authentication Processing Vulnerability\n * SSL VPN Memory Leak Vulnerability\n * URI Processing Error Vulnerability in SSL VPNs\n * Potential Information Disclosure in Clientless VPNs\n\nNote: These vulnerabilities are independent of each other. A device\nmay be affected by one vulnerability and not affected by another. \nCisco has released free software updates that address these\nvulnerabilities. Workarounds that mitigate some of these\nvulnerabilities are available. \n\nThis advisory is posted at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml\n\nAffected Products\n=================\n\nThe following paragraphs describe the affected Cisco ASA and Cisco\nPIX software versions:\n\nVulnerable Products\n+------------------\n\nThe following sections provide details on the versions of Cisco ASA\nthat are affected by each vulnerability. \n\nThe show version command-line interface (CLI) command can be used to\ndetermine if a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. The following example shows a Cisco ASA device\nthat runs software release 8.0(2):\n\n ASA# show version\n \n Cisco Adaptive Security Appliance Software Version 8.0(2)\n Device Manager Version 6.0(1)\n \n [...]\n\nCustomers who use the Cisco Adaptive Security Device Manager (ASDM)\nto manage their devices can find their software version displayed in\na table in the login window or in the upper left corner of the ASDM\nwindow. \n\nErroneous SIP Processing Vulnerabilities\n\nCisco PIX and Cisco ASA devices configured for SIP inspection are\nvulnerable to multiple processing errors that may result in denial of\nservice attacks. 
\n\nPotential Information Disclosure in Clientless VPNs\n\nCisco ASA devices that terminate clientless remote access VPN\nconnections are vulnerable to potential information disclosure if the\ndevice is running affected 8.0 or 8.1 software versions. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) is not affected by any of\nthese vulnerabilities. Cisco PIX security appliances running software\nversions 6.x are not vulnerable. IOS, IOS XR, and Cisco Unified\nBorder Elements (CUBE) are not vulnerable to these issues. No other\nCisco products are currently known to be affected by these\nvulnerabilities. \n\nDetails\n=======\n\nThe following sections provide details to help determine if a device\nmay be affected by any of the vulnerabilities. \n\nErroneous SIP Processing Vulnerabilities\n\nCisco PIX and Cisco ASA devices configured for SIP inspection are\nvulnerable to multiple processing errors that may result in denial of\nservice attacks. A successful\nattack may result in a reload of the device. \n\nSIP inspection is enabled with the inspect sip command. \n\nTo determine whether the Cisco PIX or Cisco ASA security appliance is\nconfigured to support inspection of sip packets, log in to the device\nand issue the CLI command show service-policy | include sip. If the\noutput contains the text Inspect: sip and some statistics, then the\ndevice has a vulnerable configuration. The following example shows a\nvulnerable Cisco ASA Security Appliance:\n\n asa#show service-policy | include sip\n Inspect: sip, packet 0, drop 0, reset-drop 0\n \n asa#\n\nThese vulnerabilities are documented in the following Cisco Bug IDs and\nhave been assigned Common Vulnerabilities and Exposures (CVE)\nidentifier CVE-2008-2732. \nDevices that run software versions 7.0 or 7.1 are not affected by\nthis vulnerability. \n\nA successful attack may result in a reload of the device. 
\n\nRemote access VPN connections will have Internet Security Association\nand Key Management Protocol (ISAKMP) enabled on an interface with the\ncrypto command, such as: crypto isakmp enable outside. \n\nThis vulnerability is documented in Cisco Bug ID CSCso69942\nand has been assigned Common Vulnerabilities and Exposures (CVE)\nidentifier CVE-2008-2733. A successful attack may result in a reload of the\ndevice. \n\nCisco ASA devices that run versions 7.2, 8.0, or 8.1 with clientless\nSSL VPNs enabled may be affected by this vulnerability. Devices that\nrun software versions 7.0 and 7.1 are not affected by this\nvulnerability. \n\nClientless VPN, SSL VPN Client, and AnyConnect connections are\nenabled via the webvpn command. For example, the following\nconfiguration shows a Cisco ASA with Clientless VPNs configured and\nenabled. In this case the ASA will listen for VPN connections on the\ndefault port, TCP port 443:\n\n http server enable \n !\n webvpn\n enable outside\n\nNote that with this particular configuration, the device is\nvulnerable to attacks coming from the outside interface due to the \nenable outside command within the webvpn group configuration. \n\nThese vulnerabilities are documented in Cisco Bug ID CSCso66472\nand CSCsq19369. They have been assigned Common Vulnerabilities and\nExposures (CVE) identifiers CVE-2008-2734 and CVE-2008-2735. \n\nPotential Information Disclosure in Clientless VPNs\n\nOn Cisco ASA devices configured to terminate clientless VPN\nconnections, an attacker may be able to discover potentially\nsensitive information such as usernames and passwords. This attack\nrequires an attacker to convince a user to visit a rogue web server,\nreply to an e-mail, or interact with a service to successfully\nexploit the vulnerability. \n\nCisco ASA devices running software versions 8.0 or 8.1 with\nclientless VPNs enabled may be affected by this vulnerability. \n\nClientless SSL VPN connections are enabled via the webvpn command. 
\nFor example, the following configuration shows a Cisco ASA device\nwith Clientless VPNs configured and enabled. In this case the Cisco\nASA device will listen for VPN connections on the default port, TCP\nport 443:\n\n http server enable \n !\n webvpn\n enable outside\n\nNote that with this particular configuration, the device is\nvulnerable to attacks coming from the outside interface due to the \nenable outside command within the webvpn group configuration. \n\nThis vulnerability is documented in Cisco Bug ID CSCsq45636 \nand has been assigned Common Vulnerabilities and Exposures (CVE)\nidentifier CVE-2008-2736. \n\nVulnerability Scoring Details\n=============================\n\nCisco has provided scores for the vulnerabilities in this advisory\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\nscoring in this Security Advisory is calculated in accordance with\nCVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of\nthe vulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\nErroneous SIP Processing Vulnerabilities\n\nCSCsq07867 - Memory corruption with traceback in SIP inspection code\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nCSCsq57091 - Memory corruption and traceback when inspecting malformed SIP packets\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nCSCsk60581 - Device reload possible when SIP inspection is enabled\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nCSCsq39315 - Traceback when processing malformed SIP requests\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nIPSec Client Authentication Processing 
Vulnerability\n\nCSCso69942 - Traceback in Remote Access Authentication Code\n\nCVSS Base Score - 6.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - Single\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 5.6\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nSSL VPN Memory Leak Vulnerability\n\nCSCso66472 - Crypto memory leak causing Clientless SSL VPNs to hang\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nURI Processing Error Vulnerability in SSL VPNs\n\nCSCsq19369 - URI Processing Error in Clientless SSL VPN connections\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nPotential Information Disclosure in Clientless VPNs\n\nCSCsq45636 - Potential Information Disclosure in Clientless SSL VPNs\n\nCVSS Base Score - 7.1\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 5.9\n Exploitability - Functional\n Remediation Level - Official Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the Erroneous SIP Processing\nVulnerabilities, IPSec Client Authentication Processing\nVulnerability, SSL VPN Memory Leak Vulnerability, or URI Processing\nError Vulnerability in SSL VPNs may result in the device reloading. 
\nThis can be repeatedly exploited and may lead to a denial of service\nattack. \n\nThe Potential Information Disclosure in Clientless SSL VPNs\nvulnerability may allow an attacker to obtain user and group\ncredentials if the user interacts with a rogue system or document. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to\ndetermine exposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following list contains the first fixed software release of each\nvulnerability:\n\n+-----------------------------------------------------+\n| | | Affected | First |\n| Vulnerability | Bug ID | Release | Fixed |\n| | | | Release |\n|----------------+------------+----------+------------|\n| | | 7.0 | 7.0(7)15 |\n| | |----------+------------|\n| | | 7.1 | 7.1(2)70 |\n|Memory | |----------+------------|\n| corruption | | 7.2 | Not |\n| with traceback | CSCsq07867 | | vulnerable |\n|in SIP | |----------+------------|\n| inspection | | 8.0 | Not |\n| code | | | vulnerable |\n| | |----------+------------|\n| | | 8.1 | Not |\n| | | | vulnerable |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n|Memory | |----------+------------|\n| corruption and | | 7.1 | Not |\n| traceback when | | | vulnerable |\n|inspecting |CSCsq57091 |----------+------------|\n| malformed SIP | | 7.2 | 7.2(4)7 |\n|packets | |----------+------------|\n| | | 8.0 | 8.0(3)20 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)8 
|\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| | | 7.1 | Not |\n| Device reload | | | vulnerable |\n|possible when |CSCsk60581 |----------+------------|\n| SIP inspection | | 7.2 | 7.2(3)18 |\n|is enabled | |----------+------------|\n| | | 8.0 | 8.0(3)8 |\n| | |----------+------------|\n| | | 8.1 | Not |\n| | | | vulnerable |\n|----------------+------------+----------+------------|\n| | | 7.0 | 7.0(7)16 |\n| | |----------+------------|\n| | | 7.1 | 7.1(2)71 |\n| | |----------+------------|\n| Traceback when | | 7.2 | Not |\n| processing | CSCsq39315 | | vulnerable |\n|malformed SIP | |----------+------------|\n| requests | | 8.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| | | 8.1 | Not |\n| | | | vulnerable |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| Traceback in | | 7.1 | Not |\n| Remote Access | | | vulnerable |\n|Authentication |CSCso69942 |----------+------------|\n| Code | | 7.2 | 7.2(4)2 |\n| | |----------+------------|\n| | | 8.0 | 8.0(3)14 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)4 |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| Crypto memory | | 7.1 | Not |\n| leak causing | | | vulnerable |\n|Clientless SSL |CSCso66472 |----------+------------|\n| VPNs to hang | | 7.2 | 7.2(4)2 |\n| | |----------+------------|\n| | | 8.0 | 8.0(3)14 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)4 |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| HTTP | | 7.1 | Not |\n| Processing | | | vulnerable |\n|Error in |CSCsq19369 |----------+------------|\n| Clientless SSL | | 7.2 | Not |\n| VPN | | | vulnerable |\n|connections | |----------+------------|\n| | | 8.0 | 8.0(3)15 |\n| | 
|----------+------------|\n| | | 8.1 | 8.1(1)5 |\n|----------------+------------+----------+------------|\n| | | 7.0 | Not |\n| | | | vulnerable |\n| | |----------+------------|\n| Potential | | 7.1 | Not |\n| Information | | | vulnerable |\n|Disclosure in |CSCsq45636 |----------+------------|\n| Clientless SSL | | 7.2 | Not |\n| VPNs | | | vulnerable |\n| | |----------+------------|\n| | | 8.0 | 8.0(3)16 |\n| | |----------+------------|\n| | | 8.1 | 8.1(1)6 |\n|-----------------------------+----------+------------|\n| | 7.0 | 7.0(7)16 |\n| |----------+------------|\n| | 7.1 | 7.1(2)72 |\n| |----------+------------|\n| Recommended Release | 7.2 | 7.2(4)9 |\n| |----------+------------|\n| | 8.0 | 8.0(4) |\n| |----------+------------|\n| | 8.1 | 8.1(1)8 |\n+-----------------------------------------------------+\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2\n\nWorkarounds\n===========\n\nThe following workarounds may help some customers mitigate these\nvulnerabilities. \n\nAdditional mitigation techniques that can be deployed on Cisco\ndevices within the network are available in the Cisco Applied\nMitigation Bulletin companion document for this advisory:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml\n\nErroneous SIP Processing Vulnerabilities\n\nSIP inspection should be disabled if it is not needed and temporarily\ndisabling the feature will mitigate the SIP processing\nvulnerabilities. SIP inspection can be disabled with the command no\ninspect sip. \n\nIPSec Authentication Processing Vulnerability\n\nUse strong group credentials for remote access VPN connections and do\nnot give out the group credentials to end users. 
\n\nSSL VPN Memory Leak Vulnerability and URI Processing Error\nVulnerability in SSL VPNs\n\nIPSec clients are not vulnerable to this issue and may be used in\nconjunction with strong group credentials until the device can be\nupgraded. \n\nPotential Information Disclosure in Clientless SSL VPNs\n\nClient based VPN connections are not vulnerable to the information\ndisclosure vulnerability. If you are running 8.0(3)15, 8.0(3)16,\n8.1(1)4, or 8.1(1)5, you may safely use client based VPN connections as\nan alternative to clientless VPNs. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should\nconsult their maintenance provider or check the software for feature\nset compatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco\u0027s software license terms found at:\n\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html\n\nor as otherwise set forth at Cisco.com Downloads at:\n\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml\n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through\ntheir regular update channels. For most customers, this means that\nupgrades should be obtained through the Software Center on Cisco\u0027s\nworldwide website at http://www.cisco.com. 
\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through\nprior or existing agreements with third-party support organizations,\nsuch as Cisco Partners, authorized resellers, or service providers\nshould contact that support organization for guidance and assistance\nwith the appropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or\nfix is the most appropriate for use in the intended network before it\nis deployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco\nservice contract, and customers who purchase through third-party\nvendors but are unsuccessful in obtaining fixed software through\ntheir point of sale should acquire upgrades by contacting the Cisco\nTechnical Assistance Center (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to\na free upgrade. Free upgrades for non-contract customers must be\nrequested through the TAC. \n\nRefer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. 
\n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThese vulnerabilities were reported to Cisco by customers that\nexperienced these issues during normal operation of their equipment\nand through internal testing efforts. \n\nStatus of this Notice: FINAL\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that\nomits the distribution URL in the following section is an\nuncontrolled copy, and may lack important information or contain\nfactual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\nfollowing e-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on\nmailing lists or newsgroups. Users concerned about this problem are\nencouraged to check the above URL for any updates. 
\n\nRevision History\n================\n\n+---------------------------------------+\n| Revision | | Initial |\n| 1.0 | 2008-Sept-03 | public |\n| | | release. |\n+---------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html\n\nThis includes instructions for press inquiries regarding Cisco security\nnotices. All Cisco security advisories are available at:\n\nhttp://www.cisco.com/go/psirt\n-----BEGIN PGP SIGNATURE-----\n\niD8DBQFIvsPo86n/Gc8U/uARAmOIAKCcTL2O+3w2mEm0GTe2mcnb0NZ5uQCdG9aV\nldazcXFRcGmkm4g38B67ezM=\n=t2NV\n-----END PGP SIGNATURE-----\n. \n\nSuccessful exploitation requires valid user credentials. \n\nSuccessful exploitation requires that a user is tricked into e.g. \nvisiting a malicious web server or reply to an email. \n\nSOLUTION:\nUpdate to fixed versions (please see the vendor\u0027s advisory for\ndetails). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-2733" }, { "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "db": "BID", "id": "30998" }, { "db": "VULHUB", "id": "VHN-32858" }, { "db": "PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-2733", "trust": 2.9 }, { "db": "BID", "id": "30998", "trust": 2.2 }, { "db": "SECUNIA", "id": "31730", "trust": 2.0 }, { "db": "SECTRACK", "id": "1020810", "trust": 1.7 }, { "db": "SECTRACK", "id": "1020811", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2008-001673", "trust": 0.8 }, { "db": "CISCO", "id": "20080903 REMOTE ACCESS VPN AND SIP VULNERABILITIES IN CISCO PIX AND CISCO ASA", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200809-051", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-32858", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69604", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69641", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-32858" }, { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "db": "PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" }, { "db": "NVD", "id": "CVE-2008-2733" }, { "db": "CNNVD", "id": "CNNVD-200809-051" } ] }, "id": "VAR-200809-0316", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": 
"VHN-32858" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:31:57.359000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20080903-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001673" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2008-2733" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00809f138a.shtml" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/30998" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1020810" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1020811" }, { "trust": 1.1, "url": "http://tools.cisco.com/security/center/content/ciscoappliedmitigationbulletin/cisco-amb-20080903-asa" }, { "trust": 1.1, "url": "http://secunia.com/advisories/31730" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867" }, { "trust": 0.9, "url": "http://secunia.com/advisories/31730/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2733" }, { "trust": 0.8, "url": "http://www.frsirt.com/english/advisories/2008/2492" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2733" }, { "trust": 0.3, 
"url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml " }, { "trust": 0.2, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2733" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2734" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2735" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asa?psrtdcat20e2" }, { "trust": 0.1, "url": "http://www.cisco.com." 
}, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pix?psrtdcat20e2" }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/687/directory/dirtac.shtml" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/16163/" }, { "trust": 0.1, "url": "http://secunia.com/product/6102/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_specialist/" }, { "trust": 0.1, "url": "http://secunia.com/product/16164/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/6115/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-32858" }, { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "db": "PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" }, { "db": "NVD", "id": "CVE-2008-2733" }, { "db": "CNNVD", "id": "CNNVD-200809-051" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-32858" }, { "db": "BID", "id": "30998" }, { "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "db": "PACKETSTORM", "id": "69604" }, { "db": "PACKETSTORM", "id": "69641" }, { "db": "NVD", "id": "CVE-2008-2733" }, { "db": "CNNVD", "id": "CNNVD-200809-051" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-09-04T00:00:00", "db": "VULHUB", "id": "VHN-32858" }, { "date": "2008-09-03T00:00:00", "db": "BID", 
"id": "30998" }, { "date": "2008-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "date": "2008-09-03T21:33:09", "db": "PACKETSTORM", "id": "69604" }, { "date": "2008-09-04T22:20:29", "db": "PACKETSTORM", "id": "69641" }, { "date": "2008-09-04T16:41:00", "db": "NVD", "id": "CVE-2008-2733" }, { "date": "2008-09-04T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-051" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-08T00:00:00", "db": "VULHUB", "id": "VHN-32858" }, { "date": "2008-09-03T19:35:00", "db": "BID", "id": "30998" }, { "date": "2008-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001673" }, { "date": "2017-08-08T01:31:16.980000", "db": "NVD", "id": "CVE-2008-2733" }, { "date": "2008-09-11T00:00:00", "db": "CNNVD", "id": "CNNVD-200809-051" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-051" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX and ASA of IPSec Service operation related to client authentication (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001673" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200809-051" } ], "trust": 0.6 } }
var-200904-0285
Vulnerability from variot
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. Remote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. These issues are documented by the following Cisco Bug IDs: CSCsx47543 further documents the issue tracked by CVE-2009-1155. CSCsv52239 further documents the issue tracked by CVE-2009-1156. CSCsy22484 further documents the issue tracked by CVE-2009-1157. CSCsx32675 further documents the issue tracked by CVE-2009-1158. CSCsw51809 further documents the issue tracked by CVE-2009-1159. CSCsq91277 further documents the issue tracked by CVE-2009-1160. The implicit deny is there by design and does not require any configuration. It can be understood as an implicit ACE that denies all traffic reaching the end of the ACL. This security advisory outlines the details of these vulnerabilities:
-
VPN Authentication Bypass when Account Override Feature is Used vulnerability
-
Crafted HTTP packet denial of service (DoS) vulnerability
-
Crafted TCP Packet DoS vulnerability
-
Crafted H.323 packet DoS vulnerability
-
SQL*Net packet DoS vulnerability
-
Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
Affected Products
Vulnerable Products +------------------
The following is a list of the products affected by each vulnerability as described in detail within this advisory.
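Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). This feature is disabled by default. [Crafted HTTP packet DoS vulnerability; the section heading is missing from this copy, and the attribution follows the fixed-release table later in this advisory:] Only Cisco ASA software versions 8.0 and 8.1 are affected by this vulnerability. [Crafted TCP packet DoS vulnerability; heading missing from this copy:] Cisco ASA and Cisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the following features: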
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- Transport Layer Security (TLS) Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
- TCP Intercept
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
Cisco ASA and Cisco PIX security appliances may experience a device reload that can be triggered by a series of crafted H.323 packets, when H.323 inspection is enabled. H.323 inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. [SQL*Net packet DoS vulnerability; the section heading is missing from this copy:] SQL*Net inspection is enabled by default. Cisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected by this vulnerability. [Access control list (ACL) bypass vulnerability; heading missing from this copy, and the attribution follows the fixed-release table later in this advisory:] Cisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this vulnerability.
Determination of Software Versions +---------------------------------
The "show version" command-line interface (CLI) command can be used to determine whether a vulnerable version of the Cisco PIX or Cisco ASA software is running. The following example shows a Cisco ASA Adaptive Security Appliance that runs software version 8.0(4):
ASA#show version
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.0(1)
<output truncated>
The following example shows a Cisco PIX security appliance that runs software version 8.0(4):
PIX#show version
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 5.2(3)
<output truncated>
Customers who use Cisco ASDM to manage their devices can find the software version displayed in the table in the login window or in the upper left corner of the ASDM window.
Products Confirmed Not Vulnerable +--------------------------------
The Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers and Cisco VPN 3000 Series Concentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
Details
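This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities are independent of each other. [VPN authentication bypass vulnerability; the opening sentences of this section are missing from this copy.] However, the user must provide the correct credentials in order to log in to the VPN.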
Note: The override account feature was introduced in Cisco ASA software version 7.1(1).
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode, as shown in the following example. The following example allows overriding the "account-disabled" indicator from the AAA server for the WebVPN tunnel group "testgroup":
hostname(config)#tunnel-group testgroup type webvpn
hostname(config)#tunnel-group testgroup general-attributes
hostname(config-tunnel-general)#override-account-disable
Note: The override account feature is disabled by default.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
A crafted SSL or HTTP packet may cause a DoS condition on a Cisco ASA device that is configured to terminate SSL VPN connections. This vulnerability can also be triggered to any interface where ASDM access is enabled. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted TCP Packet DoS Vulnerability +-----------------------------------
A crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX device. A successful attack may result in a sustained DoS condition. A Cisco ASA device configured for any of the following features is affected:
- SSL VPNs
- ASDM Administrative Access
- Telnet Access
- SSH Access
- cTCP for Remote Access VPNs
- Virtual Telnet
- Virtual HTTP
- TLS Proxy for Encrypted Voice Inspection
- Cut-Through Proxy for Network Access
- TCP Intercept
Note: This vulnerability may be triggered when crafted packets are sent to any TCP-based service that terminates on the affected device. The vulnerability may also be triggered via transient traffic only if the TCP intercept feature has been enabled. A TCP three-way handshake is not needed to exploit this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
A crafted H.323 packet may cause a DoS condition on a Cisco ASA device that is configured with H.323 inspection. H.323 inspection is enabled by default. A successful attack may result in a reload of the device. A TCP three-way handshake is not needed to exploit this vulnerability. [SQL*Net packet DoS vulnerability; the section heading is missing from this copy:] A series of SQL*Net packets may cause a denial of service condition on a Cisco ASA and Cisco PIX device that is configured with SQL*Net inspection. SQL*Net inspection is enabled by default. A successful attack may result in a reload of the device.
The default port assignment for SQL*Net is TCP port 1521. This is the value used by Oracle for SQL*Net. Please note the "class-map" command can be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection to a range of different port numbers. A TCP three-way handshake is needed to exploit this vulnerability. The requirement of a TCP three-way handshake significantly reduces the possibility of exploitation using packets with spoofed source addresses.
Access Control List Bypass Vulnerability +---------------------------------------
Access lists have an implicit deny behavior that is applied to packets that have not matched any of the permit or deny ACEs in an ACL and reach the end of the ACL. This implicit deny is there by design, does not require any configuration and can be understood as an implicit ACE that denies all traffic reaching the end of the ACL.
Note: This behavior only impacts the implicit deny statement on any ACL applied on the device. Access control lists with explicit deny statements are not affected by this vulnerability. This vulnerability is experienced on very rare occasions and is extremely hard to reproduce.
You can trace the lifespan of a packet through the security appliance to see whether the packet is operating correctly with the packet tracer tool. The "packet-tracer" command provides detailed information about the packets and how they are processed by the security appliance. If a command from the configuration did not cause the packet to drop, the "packet-tracer" command will provide information about the cause in an easily readable manner. You can use this feature to see if the implicit deny on an ACL is not taking effect. The following example shows that the implicit deny is bypassed (result = ALLOW):
<output truncated>
...
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x1a09d350, priority=1, domain=permit, deny=false
hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
<output truncated>
This vulnerability is documented in Cisco Bug ID CSCsq91277 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-1160.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
- AAA account-override-ignore allows VPN session without correct password (CSCsx47543)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 6.8 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash with certain HTTP packets (CSCsv52239)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Cisco ASA may crash after processing certain TCP packets (CSCsy22484)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- Crafted H.323 packet may cause ASA to reload (CSCsx32675)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- sqlnet traffic causes traceback with inspection configured (CSCsw51809)
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - High Remediation Level - Official-Fix Report Confidence - Confirmed
- ACL Misbehavior in Cisco ASA (CSCsq91277)
CVSS Base Score - 4.3 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - Partial Integrity Impact - None Availability Impact - None
CVSS Temporal Score - 3.6 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of the VPN Authentication Bypass when Account Override Feature is Used vulnerability may allow an attacker to successfully connect to the Cisco ASA via remote access IPSec or SSL-based VPN. Repeated exploitation of the denial of service vulnerabilities could result in a sustained DoS condition. Successful exploitation of the ACL bypass vulnerability may allow an attacker to access resources that should be protected by the Cisco ASA.
Software Versions and Fixes
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following table contains the first fixed software release of each vulnerability. The "Recommended Release" row indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a version of the given release in a specific row (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Release" row of the table.
| Vulnerability | Affected Release | First Fixed Version | Recommended Release |
|---|---|---|---|
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 7.2 | 7.2(4)27 | 7.2(4)30 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28 |
| VPN Authentication Bypass when Account Override Feature is Used Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)19 |
| Crafted HTTP packet DoS Vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| Crafted HTTP packet DoS Vulnerability | 7.1 | Not vulnerable | 7.1(2)82 |
| Crafted HTTP packet DoS Vulnerability | 7.2 | Not vulnerable | 7.2(4)30 |
| Crafted HTTP packet DoS Vulnerability | 8.0 | 8.0(4)25 | 8.0(4)28 |
| Crafted HTTP packet DoS Vulnerability | 8.1 | 8.1(2)15 | 8.1(2)16 |
| Crafted TCP Packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| Crafted TCP Packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| Crafted TCP Packet DoS Vulnerability | 7.2 | 7.2(4)30 | 7.2(4)30 |
| Crafted TCP Packet DoS Vulnerability | 8.0 | 8.0(4)28 | 8.0(4)28 |
| Crafted TCP Packet DoS Vulnerability | 8.1 | 8.1(2)19 | 8.1(2)19 |
| Crafted H.323 packet DoS Vulnerability | 7.0 | 7.0(8)6 | 7.0(8)6 |
| Crafted H.323 packet DoS Vulnerability | 7.1 | 7.1(2)82 | 7.1(2)82 |
| Crafted H.323 packet DoS Vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |
| Crafted H.323 packet DoS Vulnerability | 8.0 | 8.0(4)24 | 8.0(4)28 |
| Crafted H.323 packet DoS Vulnerability | 8.1 | 8.1(2)14 | 8.1(2)19 |
| Crafted SQL packet DoS vulnerability | 7.0 | Not vulnerable | 7.0(8)6 |
| Crafted SQL packet DoS vulnerability | 7.1 | Not vulnerable | 7.1(2)82 |
| Crafted SQL packet DoS vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |
| Crafted SQL packet DoS vulnerability | 8.0 | 8.0(4)22 | 8.0(4)28 |
| Crafted SQL packet DoS vulnerability | 8.1 | 8.1(2)12 | 8.1(2)19 |
| Access control list (ACL) bypass vulnerability | 7.0 | 7.0(8)1 | 7.0(8)6 |
| Access control list (ACL) bypass vulnerability | 7.1 | 7.1(2)74 | 7.1(2)82 |
| Access control list (ACL) bypass vulnerability | 7.2 | 7.2(4)9 | 7.2(4)30 |
| Access control list (ACL) bypass vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |
| Access control list (ACL) bypass vulnerability | 8.1 | Not vulnerable | 8.1(2)19 |
Fixed Cisco ASA software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
Fixed Cisco PIX software can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT
Workarounds
This Security Advisory describes multiple distinct vulnerabilities. These vulnerabilities and their respective workarounds are independent of each other.
VPN Authentication Bypass Vulnerability +--------------------------------------
The override account feature is enabled with the "override-account-disable" command in "tunnel-group general-attributes" configuration mode. As a workaround, disable this feature using the "no override-account-disable" command.
Crafted HTTP Packet DoS Vulnerability +------------------------------------
Devices configured for SSL VPN (clientless or client-based) or accepting ASDM management connections are vulnerable.
Note: IPSec clients are not vulnerable to this vulnerability.
If SSL VPN (clientless or client-based) is not used, administrators should make sure that ASDM connections are only allowed from trusted hosts.
To identify the IP addresses from which the security appliance accepts HTTPS connections for ASDM, configure the "http" command for each trusted host address or subnet. The following example shows how a trusted host with IP address 192.168.1.100 is added to the configuration:
hostname(config)# http 192.168.1.100 255.255.255.255
Crafted TCP Packet DoS Vulnerability +-----------------------------------
There are no workarounds for this vulnerability.
Crafted H.323 Packet DoS Vulnerability +-------------------------------------
H.323 inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. H.323 inspection can be disabled with the command "no inspect h323".
SQL*Net Packet DoS Vulnerability +-------------------------------
SQL*Net inspection should be disabled if it is not needed. Temporarily disabling the feature will mitigate this vulnerability. SQL*Net inspection can be disabled with the command "no inspect sqlnet".
Access Control List (ACL) Bypass Vulnerability +---------------------------------------------
As a workaround, remove the "access-group" line applied on the interface where the ACL is configured and re-apply it. For example:
ASA(config)#no access-group acl-inside in interface inside
ASA(config)#access-group acl-inside in interface inside
In the previous example the access group called "acl-inside" is removed and reapplied to the inside interface. Alternatively, you can add an explicit "deny ip any any" line in the bottom of the ACL applied on that interface. For example:
ASA(config)#access-list 100 deny ip any any
In the previous example, an explicit deny for all IP traffic is added at the end of "access-list 100".
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
The crafted TCP packet DoS vulnerability was discovered and reported to Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon Business.
The ACL bypass vulnerability was reported to Cisco by Jon Ramsey and Jeff Jarmoc from SecureWorks.
The Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities, and welcomes the opportunity to review and assist in product reports.
All other vulnerabilities were found during internal testing and during the resolution of customer service requests.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
Revision 1.0 | 2009-April-08 | Initial public release.
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.
Copyright 2008-2009 Cisco Systems, Inc. All rights reserved.
Updated: Apr 08, 2009 Document ID: 109974 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc Q8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ =Xi7D -----END PGP SIGNATURE-----
SOLUTION: Update to the fixed versions (please see the vendor advisory for patch information).
PROVIDED AND/OR DISCOVERED BY: 3) The vendor credits Gregory W.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
OTHER REFERENCES: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0285", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", 
"version": "7.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.1" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.0" }, { "model": "pix", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.0" }, { "model": "adaptive security appliance 5500", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "8.0" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.2" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.1" }, { "model": "pix/asa", "scope": "eq", "trust": 1.1, "vendor": "cisco", "version": "7.0" }, { "model": "pix/asa", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)19" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)15" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)14" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1(2)12" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)5" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)28" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)25" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)24" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0(4)22" }, { "model": "pix/asa", "scope": "ne", 
"trust": 0.3, "vendor": "cisco", "version": "7.2(4)9" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)30" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)27" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2(4)26" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)82" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)74" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)6" }, { "model": "pix/asa", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0(8)1" } ], "sources": [ { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "db": "CNNVD", "id": "CNNVD-200904-201" }, { "db": "NVD", "id": "CVE-2009-1160" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-1160" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gregory W. MacPherson Jon Ramsey", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-201" } ], "trust": 0.6 }, "cve": "CVE-2009-1160", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", 
"baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2009-1160", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-38606", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-1160", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200904-201", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-38606", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2009-1160", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-38606" }, { "db": "VULMON", "id": "CVE-2009-1160" }, { "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "db": "CNNVD", "id": "CNNVD-200904-201" }, { "db": "NVD", "id": "CVE-2009-1160" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. 
\nRemote attackers can exploit these issues to cause an affected device to reload, to force network traffic to bypass ACL rules, or to gain unauthorized access to an affected device. Successful exploits may facilitate further attacks. \nThese issues are documented by the following Cisco Bug IDs:\nCSCsx47543 further documents the issue tracked by CVE-2009-1155. \nCSCsv52239 further documents the issue tracked by CVE-2009-1156. \nCSCsy22484 further documents the issue tracked by CVE-2009-1157. \nCSCsx32675 further documents the issue tracked by CVE-2009-1158. \nCSCsw51809 further documents the issue tracked by CVE-2009-1159. \nCSCsq91277 further documents the issue tracked by CVE-2009-1160. This implied rejection is a design decision and does not require any configuration. It can be understood as rejecting all unspecified ACEs that reach the end of the ACL. This security\nadvisory outlines the details of these vulnerabilities:\n\n * VPN Authentication Bypass when Account Override Feature is Used\n vulnerability\n\n * Crafted HTTP packet denial of service (DoS) vulnerability\n\n * Crafted TCP Packet DoS vulnerability\n\n * Crafted H.323 packet DoS vulnerability\n\n * SQL*Net packet DoS vulnerability\n\n * Access control list (ACL) bypass vulnerability\n\nWorkarounds are available for some of the vulnerabilities. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml. \n\nAffected Products\n=================\n\nVulnerable Products\n+------------------\n\nThe following is a list of the products affected by each vulnerability\nas described in detail within this advisory. \n\nNote: The Override Account Disabled feature was introduced in Cisco\nASA software version 7.1(1). This feature is\ndisabled by default. Only Cisco ASA software versions 8.0 and 8.1 are\naffected by this vulnerability. 
Cisco ASA and\nCisco PIX security appliances running versions 7.0, 7.1, 7.2, 8.0, and\n8.1 are affected when configured for any of the following features:\n\n * SSL VPNs\n * ASDM Administrative Access\n * Telnet Access\n * SSH Access\n * Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs\n * Virtual Telnet\n * Virtual HTTP\n * Transport Layer Security (TLS) Proxy for Encrypted Voice\n Inspection\n * Cut-Through Proxy for Network Access\n * TCP Intercept\n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nCisco ASA and Cisco PIX security appliances may experience a device\nreload that can be triggered by a series of crafted H.323 packets, when\nH.323 inspection is enabled. H.323 inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.0, 7.1, 7.2, 8.0, and 8.1\nare affected by this vulnerability. SQL*Net inspection is enabled by default. \nCisco ASA and Cisco PIX software versions 7.2, 8.0, and 8.1 are affected\nby this vulnerability. Cisco ASA and\nCisco PIX software versions 7.0, 7.1, 7.2, and 8.0 are affected by this\nvulnerability. \n\nDetermination of Software Versions\n+---------------------------------\n\nThe \"show version\" command-line interface (CLI) command can be used to\ndetermine whether a vulnerable version of the Cisco PIX or Cisco ASA\nsoftware is running. 
The following example shows a Cisco ASA Adaptive\nSecurity Appliance that runs software version 8.0(4):\n\n ASA#show version\n\n Cisco Adaptive Security Appliance Software Version 8.0(4)\n Device Manager Version 6.0(1)\n\n \u003coutput truncated\u003e\n\nThe following example shows a Cisco PIX security appliance that runs\nsoftware version 8.0(4):\n\n PIX#show version\n\n Cisco PIX Security Appliance Software Version 8.0(4)\n Device Manager Version 5.2(3)\n\n \u003coutput truncated\u003e\n\nCustomers who use Cisco ASDM to manage their devices can find the\nsoftware version displayed in the table in the login window or in the\nupper left corner of the ASDM window. \n\nProducts Confirmed Not Vulnerable\n+--------------------------------\n\nThe Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers and Cisco VPN 3000 Series\nConcentrators are not affected by any of these vulnerabilities. No other Cisco products are currently known to be\naffected by these vulnerabilities. \n\nDetails\n=======\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities are independent of each other. However, the user must provide the correct\ncredentials in order to login to the VPN. \n\nNote: The override account feature was introduced in Cisco ASA software\nversion 7.1(1). \n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode, as shown in the following example. The following\nexample allows overriding the \"account-disabled\" indicator from the AAA\nserver for the WebVPN tunnel group \"testgroup\":\n\n hostname(config)#tunnel-group testgroup type webvpn\n hostname(config)#tunnel-group testgroup general-attributes\n hostname(config-tunnel-general)#override-account-disable\n\nNote: The override account feature is disabled by default. 
\n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nA crafted SSL or HTTP packet may cause a DoS condition on a Cisco\nASA device that is configured to terminate SSL VPN connections. This\nvulnerability can also be triggered to any interface where ASDM access\nis enabled. A successful attack may result in a reload of the device. A\nTCP three-way handshake is not needed to exploit this vulnerability. \n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nA crafted TCP packet may cause a memory leak on a Cisco ASA or Cisco PIX\ndevice. A successful attack may result in a sustained DoS condition. \nA Cisco ASA device configured for any of the following features is\naffected:\n\n * SSL VPNs\n * ASDM Administrative Access\n * Telnet Access\n * SSH Access\n * cTCP for Remote Access VPNs\n * Virtual Telnet\n * Virtual HTTP\n * TLS Proxy for Encrypted Voice Inspection\n * Cut-Through Proxy for Network Access\n * TCP Intercept\n\nNote: This vulnerability may be triggered when crafted packets are sent\nto any TCP based service that terminates on the affected device. The\nvulnerability may also be triggered via transient traffic only if the\nTCP intercept features has been enabled. A TCP three-way handshake is\nnot needed to exploit this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nA crafted H.323 packet may cause a DoS condition on a Cisco ASA device\nthat is configured with H.323 inspection. H.323 inspection is enabled by\ndefault. A successful attack may result in a reload of the device. A TCP\nthree-way handshake is not needed to exploit this vulnerability. A series of SQL*Net packets\nmay cause a denial of service condition on a Cisco ASA and Cisco PIX\ndevice that is configured with SQL*Net inspection. SQL*Net inspection is\nenabled by default. A successful attack may result in a reload of the\ndevice. 
\n\nThe default port assignment for SQL*Net is TCP port 1521. This is the\nvalue used by Oracle for SQL*Net. Please note the \"class-map\" command\ncan be used in the Cisco ASA or Cisco PIX to apply SQL*Net inspection\nto a range of different port numbers. A TCP three-way handshake is\nneeded to exploit this vulnerability. The requirement of a TCP three way\nhandshake significantly reduces the possibility of exploitation using\npackets with spoofed source addresses. \n\nAccess Control List Bypass Vulnerability\n+---------------------------------------\n\nAccess lists have an implicit deny behavior that is applied to packets\nthat have not matched any of the permit or deny ACEs in an ACL and reach\nthe end of the ACL. This implicit deny is there by design, does not\nrequire any configuration and can be understood as an implicit ACE that\ndenies all traffic reaching the end of the ACL. \n\nNote: This behavior only impacts the implicit deny statement on any\nACL applied on the device. Access control lists with explicit deny\nstatements are not affected by this vulnerability. This vulnerability is\nexperienced in very rare occasions and extremely hard to reproduce. \n\nYou can trace the lifespan of a packet through the security appliance\nto see whether the packet is operating correctly with the packet tracer\ntool. The \"packet-tracer\" command provides detailed information about\nthe packets and how they are processed by the security appliance. If a\ncommand from the configuration did not cause the packet to drop, the\n\"packet-tracer\" command will provide information about the cause in an\neasily readable manner. You can use this feature to see if the implicit\ndeny on an ACL is not taking effect. The following example shows that\nthe implicit deny is bypassed (result = ALLOW):\n\n \u003coutput truncated\u003e\n ... 
\n Phase: 2\n Type: ACCESS-LIST\n Subtype:\n Result: ALLOW\n Config:\n Implicit Rule\n Additional Information:\n Forward Flow based lookup yields rule:\n in id=0x1a09d350, priority=1, domain=permit, deny=false\n hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8\n src mac=0000.0000.0000, mask=0000.0000.0000\n dst mac=0000.0000.0000, mask=0000.0000.0000\n\n \u003coutput truncated\u003e\n\nThis vulnerability is documented in Cisco Bug ID CSCsq91277 and has\nbeen assigned Common Vulnerabilities and Exposures (CVE) identifiers\nCVE-2009-1160. \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory based\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\nthis Security Advisory is done in accordance with CVSS version 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of the\nvulnerability in individual networks. 
\n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* AAA account-override-ignore allows VPN session without correct\npassword (CSCsx47543)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 6.8\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash with certain HTTP packets (CSCsv52239)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Cisco ASA may crash after processing certain TCP packets (CSCsy22484)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* Crafted H.323 packet may cause ASA to reload (CSCsx32675)\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* sqlnet traffic causes traceback with inspection configured\n(CSCsw51809)\n\nCVSS Base Score - 7.8\n 
Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - High\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n* ACL Misbehavior in Cisco ASA (CSCsq91277)\n\nCVSS Base Score - 4.3\n Access Vector - Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Partial\n Integrity Impact - None\n Availability Impact - None\n\nCVSS Temporal Score - 3.6\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\nImpact\n======\n\nSuccessful exploitation of the VPN Authentication Bypass when Account\nOverride Feature is Used vulnerability may allow an attacker to\nsuccessfully connect to the Cisco ASA via remote access IPSec or\nSSL-based VPN. Repeated exploitation could result in\na sustained DoS condition. Successful exploitation of the ACL bypass\nvulnerability may allow an attacker to access resources that should be\nprotected by the Cisco ASA. \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\nexposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nThe following table contains the first fixed software release of each\nvulnerability. The \"Recommended Release\" row indicates the releases\nwhich have fixes for all the published vulnerabilities at the time\nof this Advisory. 
A device running a version of the given release in\na specific row (less than the First Fixed Release) is known to be\nvulnerable. Cisco recommends upgrading to a release equal to or later\nthan the release in the \"Recommended Release\" row of the table. \n\n+------------------------------------------------------+\n| | Affected | First | Recommended |\n| Vulnerability | Release | Fixed | Release |\n| | | Version | |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| VPN | | vulnerable | |\n|Authentication |----------+------------+-------------|\n| Bypass when | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Account |----------+------------+-------------|\n| Override | 7.2 | 7.2(4)27 | 7.2(4)30 |\n|Feature is |----------+------------+-------------|\n| Used | 8.0 | 8.0(4)25 | 8.0(4)28 |\n|Vulnerability |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted HTTP | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| Vulnerability | 7.2 | Not | 7.2(4)30 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)25 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)15 | 8.1(2)16 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted TCP |----------+------------+-------------|\n| Packet DoS | 7.2 | 7.2(4)30 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)28 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)19 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)6 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)82 | 7.1(2)82 |\n|Crafted H.323 
|----------+------------+-------------|\n| packet DoS | 7.2 | 7.2(4)26 | 7.2(4)30 |\n|Vulnerability |----------+------------+-------------|\n| | 8.0 | 8.0(4)24 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)14 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | Not | 7.0(8)6 |\n| | | vulnerable | |\n| |----------+------------+-------------|\n| | 7.1 | Not | 7.1(2)82 |\n| Crafted SQL | | vulnerable | |\n|packet DoS |----------+------------+-------------|\n| vulnerability | 7.2 | 7.2(4)26 | 7.2(4)30 |\n| |----------+------------+-------------|\n| | 8.0 | 8.0(4)22 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | 8.1(2)12 | 8.1(2)19 |\n|----------------+----------+------------+-------------|\n| | 7.0 | 7.0(8)1 | 7.0(8)6 |\n| |----------+------------+-------------|\n| | 7.1 | 7.1(2)74 | 7.1(2)82 |\n|Access control |----------+------------+-------------|\n| list (ACL) | 7.2 | 7.2(4)9 | 7.2(4)30 |\n|bypass |----------+------------+-------------|\n| vulnerability | 8.0 | 8.0(4)5 | 8.0(4)28 |\n| |----------+------------+-------------|\n| | 8.1 | Not | 8.1(2)19 |\n| | | vulnerable | |\n+------------------------------------------------------+\n\nFixed Cisco ASA software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT\n\nFixed Cisco PIX software can be downloaded from:\n\nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/PIXPSIRT\n\nWorkarounds\n===========\n\nThis Security Advisory describes multiple distinct vulnerabilities. \nThese vulnerabilities and their respective workarounds are independent\nof each other. \n\nVPN Authentication Bypass Vulnerability\n+--------------------------------------\n\nThe override account feature is enabled with the\n\"override-account-disable\" command in \"tunnel-group general-attributes\"\nconfiguration mode. As a workaround, disable this feature using the \"no\noverride-account-disable\" command. 
\n\nCrafted HTTP Packet DoS Vulnerability\n+------------------------------------\n\nDevices configured for SSL VPN (clientless or client-based) or accepting\nASDM management connections are vulnerable. \n\nNote: IPSec clients are not vulnerable to this vulnerability. \n\nIf SSL VPN (clientless or client-based) is not used, administrators\nshould make sure that ASDM connections are only allowed from trusted\nhosts. \n\nTo identify the IP addresses from which the security appliance\naccepts HTTPS connections for ASDM, configure the \"http\" command for\neach trusted host address or subnet. The following example, shows\nhow a trusted host with IP address 192.168.1.100 is added to the\nconfiguration:\n\n hostname(config)# http 192.168.1.100 255.255.255.255\n\nCrafted TCP Packet DoS Vulnerability\n+-----------------------------------\n\nThere are no workarounds for this vulnerability. \n\nCrafted H.323 Packet DoS Vulnerability\n+-------------------------------------\n\nH.323 inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. H.323 inspection\ncan be disabled with the command \"no inspect h323\". \n\nSQL*Net Packet DoS Vulnerability\n+-------------------------------\n\nSQL*Net inspection should be disabled if it is not needed. Temporarily\ndisabling the feature will mitigate this vulnerability. SQL*Net\ninspection can be disabled with the command \"no inspect sqlnet\". \n\nAccess Control List (ACL) Bypass Vulnerability\n+---------------------------------------------\n\nAs a workaround, remove the \"access-group\" line applied on the interface\nwhere the ACL is configured and re-apply it. For example:\n\n ASA(config)#no access-group acl-inside in interface inside\n ASA(config)#access-group acl-inside in interface inside\n\nIn the previous example the access group called \"acl-inside\" is removed\nand reapplied to the inside interface. 
Alternatively, you can add an\nexplicit \"deny ip any any\" line in the bottom of the ACL applied on that\ninterface. For example:\n\n ASA(config)#access-list 100 deny ip any any\n\nIn the previous example, an explicit deny for all IP traffic is added at\nthe end of \"access-list 100\". \n\nAdditional mitigations that can be deployed on Cisco devices within the\nnetwork are available in the Cisco Applied Mitigation Bulletin companion\ndocument for this advisory, which is available at the following link:\n\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml. \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should consult\ntheir maintenance provider or check the software for feature set\ncompatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature\nsets they have purchased. By installing, downloading, accessing\nor otherwise using such software upgrades, customers agree to be\nbound by the terms of Cisco\u0027s software license terms found at\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\nor as otherwise set forth at Cisco.com Downloads at\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\nupgrades. \n\nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through their\nregular update channels. For most customers, this means that upgrades\nshould be obtained through the Software Center on Cisco\u0027s worldwide\nwebsite at http://www.cisco.com. 
\n\nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through prior\nor existing agreements with third-party support organizations, such\nas Cisco Partners, authorized resellers, or service providers should\ncontact that support organization for guidance and assistance with the\nappropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or fix\nis the most appropriate for use in the intended network before it is\ndeployed. \n\nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco service\ncontract, and customers who purchase through third-party vendors but are\nunsuccessful in obtaining fixed software through their point of sale\nshould acquire upgrades by contacting the Cisco Technical Assistance\nCenter (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to a\nfree upgrade. Free upgrades for non-contract customers must be requested\nthrough the TAC. \n\nRefer to\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\nfor additional TAC contact information, including localized telephone\nnumbers, and instructions and e-mail addresses for use in various\nlanguages. 
\n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerability described in this advisory. \n\nThe crafted TCP packet DoS vulnerability was discovered and reported\nto Cisco by Gregory W. MacPherson and Robert J. Combo from Verizon\nBusiness. \n\nThe ACL bypass vulnerability was reported to Cisco by Jon Ramsey and\nJeff Jarmoc from SecureWorks. \n\nThe Cisco PSIRT greatly appreciates the opportunity to work with\nresearchers on security vulnerabilities, and welcomes the opportunity to\nreview and assist in product reports. \n\nAll other vulnerabilities were found during internal testing and during\nthe resolution of customer service requests. \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that omits\nthe distribution URL in the following section is an uncontrolled copy,\nand may lack important information or contain factual errors. \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nIn addition to worldwide web posting, a text version of this notice is\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\ne-mail and Usenet news recipients. 
\n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on mailing\nlists or newsgroups. Users concerned about this problem are encouraged\nto check the above URL for any updates. \n\nRevision History\n================\n\n+------------------------------------------------------------+\n| Revision 1.0 | 2009-April-08 | Initial public release. |\n+------------------------------------------------------------+\n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities\nin Cisco products, obtaining assistance with security\nincidents, and registering to receive security information\nfrom Cisco, is available on Cisco\u0027s worldwide website at\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. \nThis includes instructions for press inquiries regarding\nCisco security notices. All Cisco security advisories are available at\nhttp://www.cisco.com/go/psirt. \n\n+--------------------------------------------------------------------\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n\nUpdated: Apr 08, 2009 Document ID: 109974\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEYEARECAAYFAkncyUMACgkQ86n/Gc8U/uBS1ACeP7Toj7XSKuo/eaLfK6K4Gqzc\nQ8EAn2anUwiQH4xV5NoNVt+3JiKn2LXQ\n=Xi7D\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. 
----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nSOLUTION:\nUpdate to the fixed versions (please see the vendor advisory for\npatch information). \n\nPROVIDED AND/OR DISCOVERED BY:\n3) The vendor credits Gregory W. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml\n\nOTHER REFERENCES:\nhttp://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor", "sources": [ { "db": "NVD", "id": "CVE-2009-1160" }, { "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "db": "BID", "id": "34429" }, { "db": "VULHUB", "id": "VHN-38606" }, { "db": "VULMON", "id": "CVE-2009-1160" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-1160", "trust": 3.0 }, { "db": "BID", "id": "34429", "trust": 2.9 }, { "db": "SECUNIA", "id": "34607", "trust": 2.7 }, { "db": "SECTRACK", "id": "1022017", "trust": 2.6 }, { "db": "VUPEN", "id": "ADV-2009-0981", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2009-001197", "trust": 0.8 }, { "db": "CISCO", "id": "20090408 MULTIPLE VULNERABILITIES IN CISCO ASA ADAPTIVE SECURITY APPLIANCE AND CISCO PIX SECURITY APPLIANCES", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200904-201", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-38606", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2009-1160", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76440", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76528", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38606" }, { "db": "VULMON", "id": "CVE-2009-1160" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "CNNVD", "id": "CNNVD-200904-201" }, { "db": "NVD", "id": "CVE-2009-1160" } ] }, "id": "VAR-200904-0285", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", 
"id": "VHN-38606" } ], "trust": 0.01 }, "last_update_date": "2024-02-13T22:35:36.945000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20090408-asa", "trust": 0.8, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001197" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-38606" }, { "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "db": "NVD", "id": "CVE-2009-1160" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.securityfocus.com/bid/34429" }, { "trust": 2.6, "url": "http://www.securitytracker.com/id?1022017" }, { "trust": 2.6, "url": "http://secunia.com/advisories/34607" }, { "trust": 2.6, "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "trust": 1.8, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1160" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1160" }, { "trust": 0.4, "url": "http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080a99518.html" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "/archive/1/502566" }, { "trust": 0.3, "url": 
"http://www.cisco.com/en/us/products/products_security_advisory09186a0080a994f6.shtml#@id" }, { "trust": 0.2, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1160" }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html." }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/products/prod_warranties_item09186a008088e31f.html," }, { "trust": 0.1, "url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html" }, { "trust": 0.1, "url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html" }, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asapsirt" }, { "trust": 0.1, "url": "http://www.cisco.com/go/psirt." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1155" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1159" }, { "trust": 0.1, "url": "http://www.cisco.com/warp/public/707/cisco-amb-20090408-asa.shtml." }, { "trust": 0.1, "url": "http://www.cisco.com." }, { "trust": 0.1, "url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml." 
}, { "trust": 0.1, "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/pixpsirt" }, { "trust": 0.1, "url": "http://intellishield.cisco.com/security/alertmanager/cvss" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34607/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/try_vi/request_2008_report/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-38606" }, { "db": "VULMON", "id": "CVE-2009-1160" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "CNNVD", "id": "CNNVD-200904-201" }, { "db": "NVD", "id": "CVE-2009-1160" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-38606" }, { "db": "VULMON", "id": "CVE-2009-1160" }, { "db": "BID", "id": "34429" }, { "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "db": "PACKETSTORM", "id": "76440" }, { "db": "PACKETSTORM", "id": "76528" }, { "db": "CNNVD", "id": "CNNVD-200904-201" }, { "db": "NVD", "id": "CVE-2009-1160" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-09T00:00:00", "db": "VULHUB", "id": "VHN-38606" }, { "date": "2009-04-09T00:00:00", "db": "VULMON", "id": "CVE-2009-1160" }, { "date": "2009-04-08T00:00:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "date": "2009-04-08T18:42:33", "db": "PACKETSTORM", "id": "76440" }, { "date": "2009-04-09T15:10:51", "db": "PACKETSTORM", "id": "76528" }, { "date": 
"2009-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-201" }, { "date": "2009-04-09T15:08:35.797000", "db": "NVD", "id": "CVE-2009-1160" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-04-28T00:00:00", "db": "VULHUB", "id": "VHN-38606" }, { "date": "2009-04-28T00:00:00", "db": "VULMON", "id": "CVE-2009-1160" }, { "date": "2009-04-13T20:06:00", "db": "BID", "id": "34429" }, { "date": "2009-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001197" }, { "date": "2009-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-200904-201" }, { "date": "2009-04-28T05:39:14.750000", "db": "NVD", "id": "CVE-2009-1160" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-201" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco PIX/ASA Vulnerable to access restrictions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001197" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-200904-201" } ], "trust": 0.6 } }
cve-2008-3815
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id?1021090 | vdb-entry, x_refsource_SECTRACK | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5983 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/31864 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/32360 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1021089 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/46024 | vdb-entry, x_refsource_XF | |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml | vendor-advisory, x_refsource_CISCO | |
http://www.vupen.com/english/advisories/2008/2899 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:53:00.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1021090", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021090" }, { "name": "oval:org.mitre.oval:def:5983", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5983" }, { "name": "31864", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31864" }, { "name": "32360", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32360" }, { "name": "1021089", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1021089" }, { "name": "cisco-pix-asa-ntdomain-authentication-bypass(46024)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46024" }, { "name": "20081022 Multiple Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml" }, { "name": "ADV-2008-2899", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 
8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1021090", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021090" }, { "name": "oval:org.mitre.oval:def:5983", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5983" }, { "name": "31864", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31864" }, { "name": "32360", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32360" }, { "name": "1021089", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1021089" }, { "name": "cisco-pix-asa-ntdomain-authentication-bypass(46024)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46024" }, { "name": "20081022 Multiple Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml" }, { "name": "ADV-2008-2899", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2899" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-3815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1021090", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021090" }, { "name": "oval:org.mitre.oval:def:5983", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5983" }, { "name": "31864", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31864" }, { "name": "32360", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32360" }, { "name": "1021089", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021089" }, { "name": "cisco-pix-asa-ntdomain-authentication-bypass(46024)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46024" }, { "name": "20081022 Multiple Vulnerabilities in Cisco PIX and Cisco ASA", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml" }, { "name": "ADV-2008-2899", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2899" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-3815", "datePublished": "2008-10-23T21:00:00", "dateReserved": "2008-08-27T00:00:00", "dateUpdated": "2024-08-07T09:53:00.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1160
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2009/0981 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/34429 | vdb-entry, x_refsource_BID | |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml | vendor-advisory, x_refsource_CISCO | |
http://secunia.com/advisories/34607 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1022017 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:48.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34607" }, { "name": "1022017", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022017" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-04-16T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34607" }, { "name": "1022017", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022017" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-1160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-0981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34607" }, { "name": "1022017", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022017" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-1160", "datePublished": "2009-04-09T15:00:00", "dateReserved": "2009-03-26T00:00:00", "dateUpdated": "2024-08-07T05:04:48.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1157
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2009/0981 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/34429 | vdb-entry, x_refsource_BID | |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml | vendor-advisory, x_refsource_CISCO | |
http://secunia.com/advisories/34607 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/53445 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id?1022015 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.092Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34607" }, { "name": "53445", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53445" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-04-16T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34607" }, { "name": "53445", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53445" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-1157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-0981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34607" }, { "name": "53445", "refsource": "OSVDB", "url": "http://osvdb.org/53445" }, { "name": "1022015", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022015" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-1157", "datePublished": "2009-04-09T15:00:00", "dateReserved": "2009-03-26T00:00:00", "dateUpdated": "2024-08-07T05:04:49.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1159
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2009/0981 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/34429 | vdb-entry, x_refsource_BID | |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml | vendor-advisory, x_refsource_CISCO | |
http://secunia.com/advisories/34607 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/53446 | vdb-entry, x_refsource_OSVDB | |
http://www.securitytracker.com/id?1022015 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34607" }, { "name": "53446", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53446" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-04-16T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34607" }, { "name": "53446", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53446" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-1159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-0981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34607" }, { "name": "53446", "refsource": "OSVDB", "url": "http://osvdb.org/53446" }, { "name": "1022015", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022015" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-1159", "datePublished": "2009-04-09T15:00:00", "dateReserved": "2009-03-26T00:00:00", "dateUpdated": "2024-08-07T05:04:49.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3774
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:24:36.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1015256", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015256" }, { "name": "cisco-pix-ttl-dos(25079)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" }, { "name": "cisco-pix-tcp-data-field-dos(25077)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" }, { "name": "24140", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24140" }, { "name": "15525", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15525" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html" }, { "name": "20060307 Cisco PIX embryonic state machine 1b data DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426989/100/0/threaded" }, { "name": "20051128 Response to Cisco PIX TCP Connection Prevention", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" }, { "name": "20060307 Cisco PIX embryonic state machine TTL(n-1) DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426991/100/0/threaded" }, { "name": "VU#853540", "tags": [ "third-party-advisory", 
"x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/853540" }, { "name": "17670", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17670" }, { "name": "20060307 RE: Cisco PIX embryonic state machine 1b data DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427041/100/0/threaded" }, { "name": "ADV-2005-2546", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2546" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/417458/30/0/threaded" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of \"meaningless data,\" or (3) a TTL that is one less than needed to reach the internal destination." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1015256", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015256" }, { "name": "cisco-pix-ttl-dos(25079)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" }, { "name": "cisco-pix-tcp-data-field-dos(25077)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" }, { "name": "24140", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24140" }, { "name": "15525", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15525" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html" }, { "name": "20060307 Cisco PIX embryonic state machine 1b data DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426989/100/0/threaded" }, { "name": "20051128 Response to Cisco PIX TCP Connection Prevention", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" }, { "name": "20060307 Cisco PIX embryonic state machine TTL(n-1) DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426991/100/0/threaded" }, { "name": "VU#853540", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/853540" }, { "name": "17670", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17670" }, { "name": "20060307 RE: Cisco PIX embryonic state machine 1b data DoS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427041/100/0/threaded" }, { "name": "ADV-2005-2546", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2546" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/417458/30/0/threaded" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3774", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of \"meaningless data,\" or (3) a TTL that is one less than needed to reach the internal destination." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1015256", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015256" }, { "name": "cisco-pix-ttl-dos(25079)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25079" }, { "name": "cisco-pix-tcp-data-field-dos(25077)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25077" }, { "name": "24140", "refsource": "OSVDB", "url": "http://www.osvdb.org/24140" }, { "name": "15525", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15525" }, { "name": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html", "refsource": "CONFIRM", "url": "http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080624a37.html" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038983.html" }, { "name": "20060307 Cisco PIX embryonic state machine 1b data DoS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426989/100/0/threaded" }, { "name": "20051128 Response to Cisco PIX TCP Connection Prevention", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml" }, { "name": "20060307 Cisco PIX embryonic state machine TTL(n-1) DoS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426991/100/0/threaded" }, { "name": "VU#853540", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/853540" }, { "name": "17670", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17670" }, { "name": "20060307 RE: Cisco PIX embryonic state machine 1b data DoS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427041/100/0/threaded" }, { "name": "ADV-2005-2546", 
"refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2546" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/417458/30/0/threaded" }, { "name": "20051122 Cisco PIX TCP Connection Prevention", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038971.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3774", "datePublished": "2005-11-23T00:00:00", "dateReserved": "2005-11-22T00:00:00", "dateUpdated": "2024-08-07T23:24:36.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2461
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/23763 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1017999 | vdb-entry, x_refsource_SECTRACK | |
http://www.kb.cert.org/vuls/id/530057 | third-party-advisory, x_refsource_CERT-VN | |
http://www.vupen.com/english/advisories/2007/1635 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1018000 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34026 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/35330 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/25109 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:32.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070502 DHCP Relay Agent Vulnerability in Cisco PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html" }, { "name": "23763", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23763" }, { "name": "1017999", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017999" }, { "name": "VU#530057", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/530057" }, { "name": "ADV-2007-1635", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1635" }, { "name": "1018000", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018000" }, { "name": "cisco-asa-dhcp-dos(34026)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34026" }, { "name": "35330", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/35330" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25109" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or 
DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070502 DHCP Relay Agent Vulnerability in Cisco PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html" }, { "name": "23763", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23763" }, { "name": "1017999", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017999" }, { "name": "VU#530057", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/530057" }, { "name": "ADV-2007-1635", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1635" }, { "name": "1018000", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018000" }, { "name": "cisco-asa-dhcp-dos(34026)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34026" }, { "name": "35330", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/35330" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25109" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2461", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } 
} ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070502 DHCP Relay Agent Vulnerability in Cisco PIX and ASA Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html" }, { "name": "23763", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23763" }, { "name": "1017999", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017999" }, { "name": "VU#530057", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/530057" }, { "name": "ADV-2007-1635", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1635" }, { "name": "1018000", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018000" }, { "name": "cisco-asa-dhcp-dos(34026)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34026" }, { "name": "35330", "refsource": "OSVDB", "url": "http://www.osvdb.org/35330" }, { "name": "25109", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25109" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2461", "datePublished": "2007-05-02T22:00:00", "dateReserved": "2007-05-02T00:00:00", "dateUpdated": "2024-08-07T13:42:32.298Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2463
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | vendor-advisory, x_refsource_CISCO | |
http://www.osvdb.org/35332 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2007/1636 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34021 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/23768 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/25109 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:32.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "35332", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/35332" }, { "name": "ADV-2007-1636", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "cisco-asa-vpn-dos(34021)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" }, { "name": "23768", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25109" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "35332", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/35332" }, { "name": "ADV-2007-1636", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "cisco-asa-vpn-dos(34021)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" }, { "name": "23768", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25109" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "35332", "refsource": "OSVDB", "url": "http://www.osvdb.org/35332" }, { "name": "ADV-2007-1636", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "cisco-asa-vpn-dos(34021)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34021" }, { "name": "23768", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25109" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2463", "datePublished": "2007-05-02T22:00:00", "dateReserved": "2007-05-02T00:00:00", "dateUpdated": "2024-08-07T13:42:32.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2464
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | vendor-advisory, x_refsource_CISCO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34023 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2007/1636 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/23768 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/25109 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/35333 | vdb-entry, x_refsource_OSVDB | |
http://www.kb.cert.org/vuls/id/337508 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:32.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "cisco-asa-ssl-vpn-dos(34023)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023" }, { "name": "ADV-2007-1636", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "23768", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25109" }, { "name": "35333", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/35333" }, { "name": "VU#337508", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/337508" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "cisco-asa-ssl-vpn-dos(34023)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023" }, { "name": "ADV-2007-1636", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "23768", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25109" }, { "name": "35333", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/35333" }, { "name": "VU#337508", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/337508" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", 
"refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "cisco-asa-ssl-vpn-dos(34023)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023" }, { "name": "ADV-2007-1636", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "23768", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25109" }, { "name": "35333", "refsource": "OSVDB", "url": "http://www.osvdb.org/35333" }, { "name": "VU#337508", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/337508" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2464", "datePublished": "2007-05-02T22:00:00", "dateReserved": "2007-05-02T00:00:00", "dateUpdated": "2024-08-07T13:42:32.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2732
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id?1020808 | vdb-entry, x_refsource_SECTRACK | |
http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml | vendor-advisory, x_refsource_CISCO | |
http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa | vendor-advisory, x_refsource_CISCO | |
http://secunia.com/advisories/31730 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44866 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1020809 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/30998 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1020808", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020808" }, { "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "name": "31730", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31730" }, { "name": "cisco-pix-asa-sipinspection-dos(44866)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" }, { "name": "1020809", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020809" }, { "name": "30998", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30998" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, 
and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1020808", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020808" }, { "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "name": "31730", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31730" }, { "name": "cisco-pix-asa-sipinspection-dos(44866)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" }, { "name": "1020809", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020809" }, { "name": "30998", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30998" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-2732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1020808", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020808" }, { "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "name": "31730", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31730" }, { "name": "cisco-pix-asa-sipinspection-dos(44866)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" }, { "name": "1020809", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020809" }, { "name": "30998", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30998" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-2732", "datePublished": "2008-09-04T16:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2024-08-07T09:14:14.675Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2462
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id?1017994 | vdb-entry, x_refsource_SECTRACK | |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | vendor-advisory, x_refsource_CISCO | |
http://www.kb.cert.org/vuls/id/210876 | third-party-advisory, x_refsource_CERT-VN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34020 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2007/1636 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1017995 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/35331 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/23768 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/25109 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:32.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1017994", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017994" }, { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "VU#210876", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/210876" }, { "name": "cisco-asa-ldap-authentication-bypass(34020)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020" }, { "name": "ADV-2007-1636", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "1017995", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017995" }, { "name": "35331", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/35331" }, { "name": "23768", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25109" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management 
Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1017994", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017994" }, { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "VU#210876", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/210876" }, { "name": "cisco-asa-ldap-authentication-bypass(34020)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020" }, { "name": "ADV-2007-1636", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "1017995", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017995" }, { "name": "35331", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/35331" }, { "name": "23768", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25109" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1017994", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017994" }, { "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml" }, { "name": "VU#210876", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/210876" }, { "name": "cisco-asa-ldap-authentication-bypass(34020)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34020" }, { "name": "ADV-2007-1636", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1636" }, { "name": "1017995", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017995" }, { "name": "35331", "refsource": "OSVDB", "url": "http://www.osvdb.org/35331" }, { "name": "23768", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23768" }, { "name": "25109", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25109" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2462", "datePublished": "2007-05-02T22:00:00", "dateReserved": "2007-05-02T00:00:00", "dateUpdated": "2024-08-07T13:42:32.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1158
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2009/0981 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/34429 | vdb-entry, x_refsource_BID | |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml | vendor-advisory, x_refsource_CISCO | |
http://secunia.com/advisories/34607 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id?1022015 | vdb-entry, x_refsource_SECTRACK | |
http://osvdb.org/53444 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34607" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022015" }, { "name": "53444", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53444" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-04-16T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34607" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022015" }, { "name": "53444", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53444" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-1158", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-0981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34607" }, { "name": "1022015", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022015" }, { "name": "53444", "refsource": "OSVDB", "url": "http://osvdb.org/53444" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-1158", "datePublished": "2009-04-09T15:00:00", "dateReserved": "2009-03-26T00:00:00", "dateUpdated": "2024-08-07T05:04:49.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2733
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml | vendor-advisory, x_refsource_CISCO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44867 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1020811 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id?1020810 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/31730 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/30998 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "name": "cisco-pix-asa-ipsecclientauth-dos(44867)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867" }, { "name": "1020811", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020811" }, { "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "name": "1020810", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020810" }, { "name": "31730", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31730" }, { "name": "30998", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30998" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, 
which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "name": "cisco-pix-asa-ipsecclientauth-dos(44867)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867" }, { "name": "1020811", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020811" }, { "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "name": "1020810", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020810" }, { "name": "31730", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31730" }, { "name": "30998", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30998" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-2733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" }, { "name": "cisco-pix-asa-ipsecclientauth-dos(44867)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867" }, { "name": "1020811", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020811" }, { "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" }, { "name": "1020810", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020810" }, { "name": "31730", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31730" }, { "name": "30998", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30998" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-2733", "datePublished": "2008-09-04T16:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2024-08-07T09:14:14.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1155
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.securitytracker.com/id?1022016 | vdb-entry, x_refsource_SECTRACK |
http://www.vupen.com/english/advisories/2009/0981 | vdb-entry, x_refsource_VUPEN |
http://www.securityfocus.com/bid/34429 | vdb-entry, x_refsource_BID |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml | vendor-advisory, x_refsource_CISCO |
http://secunia.com/advisories/34607 | third-party-advisory, x_refsource_SECUNIA |
http://osvdb.org/53441 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:49.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1022016", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022016" }, { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34607" }, { "name": "53441", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53441" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-04-16T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1022016", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022016" }, { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34607" }, { "name": "53441", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53441" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-1155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1022016", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022016" }, { "name": "ADV-2009-0981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34607" }, { "name": "53441", "refsource": "OSVDB", "url": "http://osvdb.org/53441" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-1155", "datePublished": "2009-04-09T15:00:00", "dateReserved": "2009-03-26T00:00:00", "dateUpdated": "2024-08-07T05:04:49.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1156
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.vupen.com/english/advisories/2009/0981 | vdb-entry, x_refsource_VUPEN |
http://www.securityfocus.com/bid/34429 | vdb-entry, x_refsource_BID |
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml | vendor-advisory, x_refsource_CISCO |
http://secunia.com/advisories/34607 | third-party-advisory, x_refsource_SECUNIA |
http://www.securitytracker.com/id?1022015 | vdb-entry, x_refsource_SECTRACK |
http://osvdb.org/53442 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:04:48.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34607" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022015" }, { "name": "53442", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/53442" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-04-16T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "ADV-2009-0981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34607" }, { "name": "1022015", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022015" }, { "name": "53442", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/53442" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-1156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-0981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0981" }, { "name": "34429", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34429" }, { "name": "20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml" }, { "name": "34607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34607" }, { "name": "1022015", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022015" }, { "name": "53442", "refsource": "OSVDB", "url": "http://osvdb.org/53442" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-1156", "datePublished": "2009-04-09T15:00:00", "dateReserved": "2009-03-26T00:00:00", "dateUpdated": "2024-08-07T05:04:48.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }