Executive Summary

Summary
Title Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Informations
Name cisco-sa-20111005-asa First vendor Publication 2011-07-07
Vendor Cisco Last vendor Modification 2011-10-05
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.9 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 5.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module are affected by multiple vulnerabilities as follows:

* MSN Instant Messenger (IM) Inspection Denial of Service vulnerability
* TACACS+ Authentication Bypass vulnerability
* Four SunRPC Inspection Denial of Service vulnerabilities
* Internet Locator Service (ILS) Inspection Denial of Service vulnerability

These vulnerabilities are independent; a release that is affected by one vulnerability may not necessarily be affected by the others.

Workarounds for some of the vulnerabilities are provided in this advisory.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9 (...)

CWE : Common Weakness Enumeration

% Id Name
86 % CWE-399 Resource Management Errors
14 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 64
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Os 73

Open Source Vulnerability Database (OSVDB)

Id Description
76091 Cisco Multiple Product MSN IM Inspection Feature Packet Parsing Remote DoS

76090 Cisco Multiple Product ILS Message Packet Parsing Remote DoS

76089 Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3302)

76088 Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3301)

76087 Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3300)

76086 Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3299)

76085 Cisco Multiple Product TACACS+ Reply Parsing Authentication Bypass

Nessus® Vulnerability Scanner

Date Description
2011-10-25 Name : The remote security device is missing a vendor-supplied security patch.
File : cisco-sa-20111005-asa.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 10:22:02
  • Multiple Updates