cvelistv5 - cve-2007-2464

cve-2007-2464

Vulnerability from cvelistv5

Published

2007-05-02 22:00

Modified

2024-08-07 13:42

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/25109
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/337508	US Government Resource
cve@mitre.org	http://www.osvdb.org/35333
cve@mitre.org	http://www.securityfocus.com/bid/23768
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1636
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34023
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25109
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/337508	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/35333
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23768
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1636
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34023

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:42:32.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
          },
          {
            "name": "cisco-asa-ssl-vpn-dos(34023)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
          },
          {
            "name": "ADV-2007-1636",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1636"
          },
          {
            "name": "23768",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23768"
          },
          {
            "name": "25109",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25109"
          },
          {
            "name": "35333",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/35333"
          },
          {
            "name": "VU#337508",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/337508"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
        },
        {
          "name": "cisco-asa-ssl-vpn-dos(34023)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
        },
        {
          "name": "ADV-2007-1636",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1636"
        },
        {
          "name": "23768",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23768"
        },
        {
          "name": "25109",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25109"
        },
        {
          "name": "35333",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/35333"
        },
        {
          "name": "VU#337508",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/337508"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2464",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
            },
            {
              "name": "cisco-asa-ssl-vpn-dos(34023)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
            },
            {
              "name": "ADV-2007-1636",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1636"
            },
            {
              "name": "23768",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23768"
            },
            {
              "name": "25109",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25109"
            },
            {
              "name": "35333",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/35333"
            },
            {
              "name": "VU#337508",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/337508"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2464",
    "datePublished": "2007-05-02T22:00:00",
    "dateReserved": "2007-05-02T00:00:00",
    "dateUpdated": "2024-08-07T13:42:32.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.2\", \"matchCriteriaId\": \"36B51668-5055-4B10-9E0F-D25C470C9A80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4991BC7-B07D-4D8C-885C-136AD9D4E209\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.2.2\", \"matchCriteriaId\": \"051F79C8-3058-4926-A533-73F5A269599E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \\\"clientless SSL VPNs,\\\" allows remote attackers to cause a denial of service (device reload) via \\\"non-standard SSL sessions.\\\"\"}, {\"lang\": \"es\", \"value\": \"Condici\\u00f3n de carrera en el Cisco Adaptive Security Appliance (ASA) y en el PIX 7.1 anterior al 7.1(2)49 y el 7.2 anterior al 7.2(2)19, cuando se utiliza \\\"VPNs SSL sin cliente\\\", permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (recargar el dispositivo) a trav\\u00e9s de \\\"sesiones SSL no est\\u00e1ndar\\\".\"}]",
      "evaluatorSolution": "The vendor has addressed this issue with a product update. Information can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml",
      "id": "CVE-2007-2464",
      "lastModified": "2024-11-21T00:30:51.300",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-05-02T22:19:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/25109\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/337508\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/35333\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23768\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1636\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34023\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25109\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/337508\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/35333\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1636\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2464\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-02T22:19:00.000\",\"lastModified\":\"2024-11-21T00:30:51.300\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \\\"clientless SSL VPNs,\\\" allows remote attackers to cause a denial of service (device reload) via \\\"non-standard SSL sessions.\\\"\"},{\"lang\":\"es\",\"value\":\"Condici\u00f3n de carrera en el Cisco Adaptive Security Appliance (ASA) y en el PIX 7.1 anterior al 7.1(2)49 y el 7.2 anterior al 7.2(2)19, cuando se utiliza \\\"VPNs SSL sin cliente\\\", permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recargar el dispositivo) a trav\u00e9s de \\\"sesiones SSL no est\u00e1ndar\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.2\",\"matchCriteriaId\":\"36B51668-5055-4B10-9E0F-D25C470C9A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4991BC7-B07D-4D8C-885C-136AD9D4E209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.2.2\",\"matchCriteriaId\":\"051F79C8-3058-4926-A533-73F5A269599E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/25109\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/337508\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/35333\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23768\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1636\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34023\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25109\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/337508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/35333\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"The vendor has addressed this issue with a product update. Information can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml\"}}"
  }
}

gsd-2007-2464

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-2464

Aliases

CVE-2007-2464

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2464",
    "description": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\"",
    "id": "GSD-2007-2464"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2464"
      ],
      "details": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\"",
      "id": "GSD-2007-2464",
      "modified": "2023-12-13T01:21:37.633331Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2464",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
          },
          {
            "name": "cisco-asa-ssl-vpn-dos(34023)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
          },
          {
            "name": "ADV-2007-1636",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1636"
          },
          {
            "name": "23768",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23768"
          },
          {
            "name": "25109",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25109"
          },
          {
            "name": "35333",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/35333"
          },
          {
            "name": "VU#337508",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/337508"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2464"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070502 LDAP and VPN Vulnerabilities in PIX and ASA Appliances",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
            },
            {
              "name": "23768",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23768"
            },
            {
              "name": "25109",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25109"
            },
            {
              "name": "VU#337508",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/337508"
            },
            {
              "name": "35333",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/35333"
            },
            {
              "name": "ADV-2007-1636",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1636"
            },
            {
              "name": "cisco-asa-ssl-vpn-dos(34023)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-08-11T19:02Z",
      "publishedDate": "2007-05-02T22:19Z"
    }
  }
}

ghsa-rrvv-gf86-xrp2

Vulnerability from github

Published

2022-05-01 18:03

Modified

2022-05-01 18:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2464"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-05-02T22:19:00Z",
    "severity": "HIGH"
  },
  "details": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\"",
  "id": "GHSA-rrvv-gf86-xrp2",
  "modified": "2022-05-01T18:03:56Z",
  "published": "2022-05-01T18:03:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2464"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25109"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/337508"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/35333"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23768"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1636"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2007-2464

Vulnerability from fkie_nvd

Published

2007-05-02 22:19

Modified

2024-11-21 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/25109
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/337508	US Government Resource
cve@mitre.org	http://www.osvdb.org/35333
cve@mitre.org	http://www.securityfocus.com/bid/23768
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1636
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34023
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25109
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/337508	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/35333
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23768
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1636
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34023

Impacted products

Vendor	Product	Version
cisco	pix	*
cisco	pix	7.1
cisco	adaptive_security_appliance_software	*
cisco	adaptive_security_appliance_software	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B51668-5055-4B10-9E0F-D25C470C9A80",
              "versionEndIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "051F79C8-3058-4926-A533-73F5A269599E",
              "versionEndIncluding": "7.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E623855-FB2B-4B8A-85E8-B8DC29A3FBB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\""
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en el Cisco Adaptive Security Appliance (ASA) y en el PIX 7.1 anterior al 7.1(2)49 y el 7.2 anterior al 7.2(2)19, cuando se utiliza \"VPNs SSL sin cliente\", permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recargar el dispositivo) a trav\u00e9s de \"sesiones SSL no est\u00e1ndar\"."
    }
  ],
  "evaluatorSolution": "The vendor has addressed this issue with a product update. Information can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml",
  "id": "CVE-2007-2464",
  "lastModified": "2024-11-21T00:30:51.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-02T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/337508"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/35333"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23768"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1636"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/337508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/35333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions.". The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. This vulnerability is documented as bug CSCsi16248.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/

The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

1) An unspecified error exists when using the LDAP authentication mechanism, which can be exploited to bypass the authentication and gain access to the device or the network.

Successful exploitation requires that the device uses the Layer 2 Tunneling Protocol (L2TP) and is configured to use LDAP servers with another protocol other than PAP for authentication, or that the device offers remote management access (telnet, SSH, HTTP) and uses an LDAP AAA server for authentication.

2) An unspecified error when using VPN connections configured with password expiry can be exploited to cause a DoS.

Successful exploitation requires that the tunnel group is configured with password expiry. In order to exploit this in IPSec VPN connections, an attacker also needs to know the group name and group password.

Successful exploitation requires that clientless SSL is used.

4) An error within the DHCP relay agent when handling DHCPACK messages can be exploited to cause a DoS due to memory exhaustion by sending a large number of DHCP requests to a vulnerable device.

Successful exploitation requires that devices are configured to use the DHCP relay agent.

SOLUTION: Apply updated software versions. Please see vendor advisories for details.

PROVIDED AND/OR DISCOVERED BY: 1-3) Reported by the vendor. 4) Lisa Sittler and Grant Deffenbaugh, CERT/CC.

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml

http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html http://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html

US-CERT VU#530057: http://www.kb.cert.org/vuls/id/530057

OTHER REFERENCES: US-CERT VU#210876: http://www.kb.cert.org/vuls/id/210876

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0481",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 3.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "pix",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "adaptive security appliance software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "pix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.2"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.7)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.16)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(2.15)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(2.14)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(2.10)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2(1)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.(2.48)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(2.5)"
      },
      {
        "model": "pix/asa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1(2)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.8)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.19)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.(2.17)"
      },
      {
        "model": "pix/asa",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.(2.49)"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Security bulletin",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2464",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-2464",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25826",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2464",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#337508",
            "trust": 0.8,
            "value": "0.70"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#210876",
            "trust": 0.8,
            "value": "2.43"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#530057",
            "trust": 0.8,
            "value": "0.64"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200705-031",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25826",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25826"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using \"clientless SSL VPNs,\" allows remote attackers to cause a denial of service (device reload) via \"non-standard SSL sessions.\". The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Remote attackers may use this vulnerability to cause the device to fail to work normally or to bypass authentication. This vulnerability is documented as bug CSCsi16248. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n1) An unspecified error exists when using the LDAP authentication\nmechanism, which can be exploited to bypass the authentication and\ngain access to the device or the network. \n\nSuccessful exploitation requires that the device uses the Layer 2\nTunneling Protocol (L2TP) and is configured to use LDAP servers with\nanother protocol other than PAP for authentication, or that the\ndevice offers remote management access (telnet, SSH, HTTP) and uses\nan LDAP AAA server for authentication. \n\n2) An unspecified error when using VPN connections configured with\npassword expiry can be exploited to cause a DoS. \n\nSuccessful exploitation requires that the tunnel group is configured\nwith password expiry. In order to exploit this in IPSec VPN\nconnections, an attacker also needs to know the group name and group\npassword. \n\nSuccessful exploitation requires that clientless SSL is used. \n\n4) An error within the DHCP relay agent when handling DHCPACK\nmessages can be exploited to cause a DoS due to memory exhaustion by\nsending a large number of DHCP requests to a vulnerable device. \n\nSuccessful exploitation requires that devices are configured to use\nthe DHCP relay agent. \n\nSOLUTION:\nApply updated software versions. Please see vendor advisories for\ndetails. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Reported by the vendor. \n4) Lisa Sittler and Grant Deffenbaugh, CERT/CC. \n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml\nhttp://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml\n\nhttp://www.cisco.com/en/US/products/products_security_response09186a0080833172.html\nhttp://www.cisco.com/en/US/products/products_applied_intelligence_response09186a008083316f.html\n\nUS-CERT VU#530057:\nhttp://www.kb.cert.org/vuls/id/530057\n\nOTHER REFERENCES:\nUS-CERT VU#210876:\nhttp://www.kb.cert.org/vuls/id/210876\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25826"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      }
    ],
    "trust": 4.23
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#337508",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "23768",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2464",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "25109",
        "trust": 2.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1636",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "35333",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "34023",
        "trust": 1.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876",
        "trust": 1.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057",
        "trust": 0.9
      },
      {
        "db": "OSVDB",
        "id": "35331",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20070502 LDAP AND VPN VULNERABILITIES IN PIX AND ASA APPLIANCES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25826",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "56436",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25826"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ]
  },
  "id": "VAR-200705-0481",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25826"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:35:24.233000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070502-asa",
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/337508"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/23768"
      },
      {
        "trust": 2.4,
        "url": "http://www.cisco.com/en/us/products/ps6120/index.html"
      },
      {
        "trust": 2.4,
        "url": "http://en.wikipedia.org/wiki/intrusion-prevention_system"
      },
      {
        "trust": 2.0,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/35333"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25109"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/1636"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/34023"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/1636"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34023"
      },
      {
        "trust": 0.9,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20070502-pix.shtml"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/25109/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/warp/public/110/webvpnasa.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/netsol/ns461/networking_solutions_white_paper0900aecd80282f87.shtml"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080833166.shtml#details"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsi16248"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/35331"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/pcgi-bin/support/bugtool/onebug.pl?bugid=cscsh50277"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/ps6120/products_configuration_guide_chapter09186a0080636f31.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2464"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2464"
      },
      {
        "trust": 0.4,
        "url": "http://www.kb.cert.org/vuls/id/210876"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/467385"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/530057"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6102/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_applied_intelligence_response09186a008083316f.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/en/us/products/products_security_response09186a0080833172.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6115/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25826"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25826"
      },
      {
        "db": "BID",
        "id": "23768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-05-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25826"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "BID",
        "id": "23768"
      },
      {
        "date": "2007-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "date": "2007-05-04T05:48:13",
        "db": "PACKETSTORM",
        "id": "56436"
      },
      {
        "date": "2007-05-02T22:19:00",
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "date": "2007-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-05-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#337508"
      },
      {
        "date": "2007-06-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#210876"
      },
      {
        "date": "2007-05-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#530057"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25826"
      },
      {
        "date": "2016-07-06T14:39:00",
        "db": "BID",
        "id": "23768"
      },
      {
        "date": "2007-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000337"
      },
      {
        "date": "2023-08-11T19:02:04.560000",
        "db": "NVD",
        "id": "CVE-2007-2464"
      },
      {
        "date": "2007-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco ASA clientless SSL VPN denial of service vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#337508"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200705-031"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2007-2464

Vulnerability from cvelistv5

gsd-2007-2464

Vulnerability from gsd

ghsa-rrvv-gf86-xrp2

Vulnerability from github

cve-2007-2464

Vulnerability from fkie_nvd

var-200705-0481

Vulnerability from variot

Tags

Sightings

Nomenclature