Executive Summary
| Summary | |
|---|---|
| Title | Multiple Vulnerabilities in Cisco PIX and Cisco ASA |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20080604-asa | First vendor Publication | 2008-04-08 |
| Vendor | Cisco | Last vendor Modification | 2008-06-04 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. This security advisory outlines details of these vulnerabilities: * Crafted TCP ACK Packet Vulnerability The first four vulnerabilities may lead to a denial of service (DoS) condition and the fifth vulnerability may allow an attacker to bypass control-plane access control lists (ACL). Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available. |
Original Source
| Url : http://www.cisco.com/en/US/products/products_security_advisory09186a00809a (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-20 | Improper Input Validation |
| 25 % | CWE-399 | Resource Management Errors |
| 25 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Hardware | 1 | |
| Hardware | 4 | |
| Os | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 46028 | Cisco PIX / ASA Control-plane ACLs Unspecified Remote Bypass |
| 46027 | Cisco PIX / ASA Port 443 Port Scan Remote DoS |
| 46026 | Cisco PIX / ASA Instant Messenger (IM) Inspection Engine Crafted Packet Remot... |
| 46025 | Cisco PIX / ASA Crafted Transport Layer Security (TLS) Packet Remote DoS |
| 46024 | Cisco PIX / ASA Crafted TCP ACK Packet Remote DoS |
Alert History
| Date | Informations |
|---|---|
| 2016-04-26 17:30:07 |
|
| 2013-05-11 00:42:31 |
|
