cvelistv5 - CVE-2005-3788

CVE-2005-3788

Vulnerability from cvelistv5

Published

2005-11-24 11:00

Modified

2024-08-07 23:24

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=113199814008230&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=113201784415859&w=2
cve@mitre.org	http://secunia.com/advisories/17550/	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/178
cve@mitre.org	http://securitytracker.com/id?1015205	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/15407
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23160
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=113199814008230&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=113201784415859&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17550/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/178
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015205	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15407
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23160

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:24:36.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20051114 RE: [ADVISORY] CISCO ASA Failover DoS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
          },
          {
            "name": "17550",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17550/"
          },
          {
            "name": "1015205",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015205"
          },
          {
            "name": "15407",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15407"
          },
          {
            "name": "20051114 [ADVISORY] CISCO ASA Failover DoS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
          },
          {
            "name": "178",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/178"
          },
          {
            "name": "cisco-asa-failover-dos(23160)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20051114 RE: [ADVISORY] CISCO ASA Failover DoS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
        },
        {
          "name": "17550",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17550/"
        },
        {
          "name": "1015205",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015205"
        },
        {
          "name": "15407",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15407"
        },
        {
          "name": "20051114 [ADVISORY] CISCO ASA Failover DoS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
        },
        {
          "name": "178",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/178"
        },
        {
          "name": "cisco-asa-failover-dos(23160)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20051114 RE: [ADVISORY] CISCO ASA Failover DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
            },
            {
              "name": "17550",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17550/"
            },
            {
              "name": "1015205",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015205"
            },
            {
              "name": "15407",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15407"
            },
            {
              "name": "20051114 [ADVISORY] CISCO ASA Failover DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
            },
            {
              "name": "178",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/178"
            },
            {
              "name": "cisco-asa-failover-dos(23160)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3788",
    "datePublished": "2005-11-24T11:00:00",
    "dateReserved": "2005-11-24T00:00:00",
    "dateUpdated": "2024-08-07T23:24:36.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\\\(0\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15ECB359-7290-4732-96F2-AFCEE21C7899\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DA2F01C-ECF1-477B-A413-75D0EB817079\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC150564-7413-401A-9DD8-8AD773F1D8F9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \\\"failover denial of service.\\\"\"}, {\"lang\": \"es\", \"value\": \"Condici\\u00f3n de carrera en Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), Y 7.0(4), cuando corre una configuraci\\u00f3n Activo/En Espera y cuando la interfaz LAN de reserva falla, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (fallo de cortafuegos en espera) enviando respuestas ARP suplantadas de la direcci\\u00f3n IP de un cortafuegos activo, lo que impide que el cortafuegos en espera se vuelva activo, tcc \\\"denegaci\\u00f3n de servicio de reserva\\\".\"}]",
      "id": "CVE-2005-3788",
      "lastModified": "2024-11-21T00:02:40.963",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:C\", \"baseScore\": 5.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-11-24T11:03:00.000",
      "references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/17550/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/178\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1015205\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/15407\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/23160\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/17550/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/178\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015205\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/15407\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/23160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3788\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-11-24T11:03:00.000\",\"lastModified\":\"2024-11-21T00:02:40.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \\\"failover denial of service.\\\"\"},{\"lang\":\"es\",\"value\":\"Condici\u00f3n de carrera en Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), Y 7.0(4), cuando corre una configuraci\u00f3n Activo/En Espera y cuando la interfaz LAN de reserva falla, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de cortafuegos en espera) enviando respuestas ARP suplantadas de la direcci\u00f3n IP de un cortafuegos activo, lo que impide que el cortafuegos en espera se vuelva activo, tcc \\\"denegaci\u00f3n de servicio de reserva\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:C\",\"baseScore\":5.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\\\(0\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15ECB359-7290-4732-96F2-AFCEE21C7899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA2F01C-ECF1-477B-A413-75D0EB817079\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC150564-7413-401A-9DD8-8AD773F1D8F9\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17550/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/178\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015205\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/15407\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/23160\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/17550/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/15407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/23160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2005-3788

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2005-3788

Aliases

CVE-2005-3788

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3788",
    "description": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\"",
    "id": "GSD-2005-3788"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3788"
      ],
      "details": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\"",
      "id": "GSD-2005-3788",
      "modified": "2023-12-13T01:20:12.072971Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3788",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20051114 RE: [ADVISORY] CISCO ASA Failover DoS Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
          },
          {
            "name": "17550",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17550/"
          },
          {
            "name": "1015205",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015205"
          },
          {
            "name": "15407",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15407"
          },
          {
            "name": "20051114 [ADVISORY] CISCO ASA Failover DoS Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
          },
          {
            "name": "178",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/178"
          },
          {
            "name": "cisco-asa-failover-dos(23160)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(0\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3788"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15407",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/15407"
            },
            {
              "name": "1015205",
              "refsource": "SECTRACK",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://securitytracker.com/id?1015205"
            },
            {
              "name": "17550",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17550/"
            },
            {
              "name": "178",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/178"
            },
            {
              "name": "20051114 RE: [ADVISORY] CISCO ASA Failover DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
            },
            {
              "name": "20051114 [ADVISORY] CISCO ASA Failover DoS Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
            },
            {
              "name": "cisco-asa-failover-dos(23160)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-08-11T18:54Z",
      "publishedDate": "2005-11-24T11:03Z"
    }
  }
}

ghsa-2qpc-3frw-rxpf

Vulnerability from github

Published

2022-05-01 02:21

Modified

2022-05-01 02:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-3788"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-11-24T11:03:00Z",
    "severity": "MODERATE"
  },
  "details": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\"",
  "id": "GHSA-2qpc-3frw-rxpf",
  "modified": "2022-05-01T02:21:20Z",
  "published": "2022-05-01T02:21:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3788"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17550"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/178"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015205"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15407"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service.". Cisco Adaptive Security Appliances are prone to a weakness that may cause a denial of service condition in certain circumstances. This issue is due to insufficient validation of ARP responses. This issue reportedly affects Cisco ASA devices running 7.0(0), 7.0(2), and 7.0(4). Other versions may also be affected. The Cisco ASA Series Adaptive Security Appliances are Cisco's purpose-designed solutions that combine the highest security and VPN services with a new Adaptive Identification and Defense (AIM) architecture. Whether the firewall is alive, but not authenticating the response to the request.

The weakness is caused due to the ASA failover testing algorithm failing to properly identify that the active firewall has failed. This can be exploited to prevent the standby firewall from activating via spoofed ARP responses. The failover may also fail to happen if there is another device with the same IP address as the active firewall on the same network subnet.

The weakness has been reported in ASA running 7.0(0), 7.0(2), and 7.0(4).

SOLUTION: The vendor recommends that port security should be configured for all switch ports in the same VLANs as the active and standby firewalls enabled interfaces to prevent an attacker from spoofing the active firewall's interface MAC address.

The firewall log should also be monitored for any IP address collisions.

PROVIDED AND/OR DISCOVERED BY: Amin Tora, ePlus Security Team.

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200511-0298",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(4\\)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(2\\)"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.0\\(0\\)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.0\\(4\\)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.0\\(0\\)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.0\\(2\\)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0(4)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0(2)"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.0(0)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "15407"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(0\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Amin Tora  atora@EPLUS.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-3788",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "VHN-14996",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2005-3788",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-3788",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200511-369",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14996",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2005-3788",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3788"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\". Cisco Adaptive Security Appliances are prone to a weakness that may cause a denial of service condition in certain circumstances.  This issue is due to insufficient validation of ARP responses. \nThis issue reportedly affects Cisco ASA devices running 7.0(0), 7.0(2), and 7.0(4).  Other versions may also be affected. The Cisco ASA Series Adaptive Security Appliances are Cisco\u0027s purpose-designed solutions that combine the highest security and VPN services with a new Adaptive Identification and Defense (AIM) architecture. Whether the firewall is alive, but not authenticating the response to the request. \r\n\r\nThe weakness is caused due to the ASA failover testing algorithm\nfailing to properly identify that the active firewall has failed. This can be exploited to prevent\nthe standby firewall from activating via spoofed ARP responses. The\nfailover may also fail to happen if there is another device with the\nsame IP address as the active firewall on the same network subnet.  \r\n\r\nThe weakness has been reported in ASA running 7.0(0), 7.0(2), and\n7.0(4). \n\nSOLUTION:\nThe vendor recommends that port security should be configured for all\nswitch ports in the same VLANs as the active and standby firewalls\nenabled interfaces to prevent an attacker from spoofing the active\nfirewall\u0027s interface MAC address. \r\n\r\nThe firewall log should also be monitored for any IP address\ncollisions. \n\nPROVIDED AND/OR DISCOVERED BY:\nAmin Tora, ePlus Security Team. \n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "db": "BID",
        "id": "15407"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3788"
      },
      {
        "db": "PACKETSTORM",
        "id": "41564"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15407",
        "trust": 2.1
      },
      {
        "db": "SECUNIA",
        "id": "17550",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1015205",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "178",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3788",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "23160",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20051114 RE: [ADVISORY] CISCO ASA FAILOVER DOS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20051114 [ADVISORY] CISCO ASA FAILOVER DOS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-14996",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3788",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41564",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3788"
      },
      {
        "db": "BID",
        "id": "15407"
      },
      {
        "db": "PACKETSTORM",
        "id": "41564"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ]
  },
  "id": "VAR-200511-0298",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14996"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:13:27.512000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://secunia.com/advisories/17550/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/15407"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1015205"
      },
      {
        "trust": 1.8,
        "url": "http://securityreason.com/securityalert/178"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/23160"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=113201784415859\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=113199814008230\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6120/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/416544"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=113201784415859\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=113199814008230\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6102/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6115/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3788"
      },
      {
        "db": "BID",
        "id": "15407"
      },
      {
        "db": "PACKETSTORM",
        "id": "41564"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2005-3788"
      },
      {
        "db": "BID",
        "id": "15407"
      },
      {
        "db": "PACKETSTORM",
        "id": "41564"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-11-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14996"
      },
      {
        "date": "2005-11-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2005-3788"
      },
      {
        "date": "2005-11-14T00:00:00",
        "db": "BID",
        "id": "15407"
      },
      {
        "date": "2005-11-15T18:49:25",
        "db": "PACKETSTORM",
        "id": "41564"
      },
      {
        "date": "2005-11-24T11:03:00",
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "date": "2005-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14996"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2005-3788"
      },
      {
        "date": "2005-11-14T00:00:00",
        "db": "BID",
        "id": "15407"
      },
      {
        "date": "2023-08-11T18:54:47.730000",
        "db": "NVD",
        "id": "CVE-2005-3788"
      },
      {
        "date": "2005-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Adaptive Security Applicance Failover denial of service vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200511-369"
      }
    ],
    "trust": 0.6
  }
}

CVE-2005-3788

Vulnerability from fkie_nvd

Published

2005-11-24 11:03

Modified

2024-11-21 00:02

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=113199814008230&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=113201784415859&w=2
cve@mitre.org	http://secunia.com/advisories/17550/	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/178
cve@mitre.org	http://securitytracker.com/id?1015205	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/15407
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23160
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=113199814008230&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=113201784415859&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17550/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/178
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015205	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15407
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23160

Impacted products

Vendor	Product	Version
cisco	adaptive_security_appliance_software	7.0\(0\)
cisco	adaptive_security_appliance_software	7.0\(2\)
cisco	adaptive_security_appliance_software	7.0\(4\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "15ECB359-7290-4732-96F2-AFCEE21C7899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2F01C-ECF1-477B-A413-75D0EB817079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AC150564-7413-401A-9DD8-8AD773F1D8F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka \"failover denial of service.\""
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), Y 7.0(4), cuando corre una configuraci\u00f3n Activo/En Espera y cuando la interfaz LAN de reserva falla, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de cortafuegos en espera) enviando respuestas ARP suplantadas de la direcci\u00f3n IP de un cortafuegos activo, lo que impide que el cortafuegos en espera se vuelva activo, tcc \"denegaci\u00f3n de servicio de reserva\"."
    }
  ],
  "id": "CVE-2005-3788",
  "lastModified": "2024-11-21T00:02:40.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-24T11:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17550/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015205"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15407"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=113199814008230\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=113201784415859\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17550/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23160"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-3788

Vulnerability from cvelistv5

gsd-2005-3788

Vulnerability from gsd

ghsa-2qpc-3frw-rxpf

Vulnerability from github

var-200511-0298

Vulnerability from variot

CVE-2005-3788

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature