This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Cisco
Product: Pix Firewall 506
Version:
Type: Hardware
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
First view: 2005-12-22
Last view: 2011-02-25

Activity : Overall

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:h:cisco:pix_firewall_506:*:*:*:*:*:*:*:* 10

Related : CVE

CVSS Date Alert Description
7.8 2011-02-25 CVE-2011-0396

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352.

7.8 2011-02-25 CVE-2011-0395

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583.

7.8 2010-08-09 CVE-2010-2817

Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and 8.3 before 8.3(1.1) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a crafted IKE message, aka Bug ID CSCte46507.

7.8 2010-08-09 CVE-2010-2816

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106.

7.8 2010-08-09 CVE-2010-2815

Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259.

7.8 2010-08-09 CVE-2010-2814

Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506.

6.8 2006-08-23 CVE-2006-4312

Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), cause the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access.

5 2006-08-16 CVE-2006-4194

Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue.

5 2006-07-27 CVE-2006-3906

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.

7.5 2005-12-22 CVE-2005-4499

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-399 Resource Management Errors
50% (1) CWE-264 Permissions, Privileges, and Access Controls

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:5299 Cisco Multiple Products IKE Packet DoS

Open Source Vulnerability Database (OSVDB)

id Description
72586 Cisco Adaptive Security Appliances (ASA) 5500 Series Certificate Authority (C...
72585 Cisco Adaptive Security Appliances (ASA) 5500 Series RIP Update Handling Remo...
67015 Cisco PIX / ASA IKE Implementation Crafted Message Remote DoS
67014 Cisco Adaptive Security Appliances (ASA) SIP Inspection Feature Crafted Packe...
67013 Cisco PIX / ASA TLS Implementation Crafted Packet Sequence Remote DoS (2010-2...
67012 Cisco PIX / ASA TLS Implementation Crafted Packet Sequence Remote DoS (2010-2...
29781 Cisco PIX 500 Series SIP fixup Command Intranet UDP Routing
29068 Cisco Multiple Products IKE Phase-1 Packet Saturation DoS
28143 Cisco Multiple Products Unintentional Password Modification
22193 Cisco Secure Access Control Server (ACS) RAS/NAS Downloadable IP ACL Disclosure

Nessus® Vulnerability Scanner

id Description
2011-09-01 Name: The remote security device is missing a vendor-supplied security patch.
File: cisco-sa-20100804-asa.nasl - Type: ACT_GATHER_INFO
2011-03-09 Name: The remote security device is missing a vendor-supplied security patch.
File: cisco-sa-20110223-asa.nasl - Type: ACT_GATHER_INFO