Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Firewall Services Module |
Informations | |||
---|---|---|---|
Name | cisco-sa-20070214-fwsm | First vendor Publication | 2006-11-21 |
Vendor | Cisco | Last vendor Modification | 2007-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities exist in the Cisco Firewall Services Module (FWSM). These vulnerabilities occur in the processing of specific Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), Session Initiation Protocol (SIP), and Simple Network Management Protocol (SNMP) traffic. If verbose logging is enabled for debugging purposes, a vulnerability exists when the FWSM processes packets destined to itself. All of these vulnerabilities may result in a reload of the device. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-56 | Removing/short-circuiting 'guard logic' |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 4 | |
Hardware | 2 | |
Os | 4 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
33061 | Cisco Firewall Services Module (FWSM) ACE Evaluation ACL Bypass Cisco Firewall Services Module (FWSM) contains a design flaw that may allow corruption of access-lists (ACL). The issue could be triggered by manipulating ACL's which uses object-groups. It is possible that the ACL becomes corrupted and ACE entries to not be elevated at all or out of order, resulting in blocking legitimate traffic and allowing traffic that is normally restricted. This vulnerability results in a loss of integrity and availability. |
33060 | Cisco Firewall Services Module (FWSM) Malformed SNMP Request Remote DoS The Firewall Services Module (FWSM) contains a flaw that may allow a remote denial of service. The issue is triggered when processing received malformed SNMP packets, and will result in loss of availability for the system. |
33059 | Cisco Firewall Services Module (FWSM) Crafted HTTPS Traffic DoS Cisco Firewall Services Module contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted HTTPS packets are directed to the FWSM it's HTTPS services, and will result in loss of availability for the system. |
33058 | Cisco Firewall Services Module (FWSM) aaa Authentication HTTP Request Overflo... Cisco Firewall Services Module (FWSM) contains a flaw that may allow a remote denial of service. The issue is triggered when HTTP requests with a long URL are send through the auth-proxy feature, and will result in loss of availability for the system. |
33057 | Cisco Firewall Services Module (FWSM) aaa Authentication Malformed HTTPS Requ... Cisco Firewall Services Module (FWSM) contains a flaw that may allow a remote denial of service. The issue is triggered when certain malformed HTTPS requests are send through the auth-proxy feature, and will result in loss of availability for the system. |
33056 | Cisco Firewall Services Module (FWSM) Crafted Traffic Syslog Message 710006 DoS Cisco Firewall Services Module (FWSM) contains a flaw that may allow a remote denial of service. The issue is triggered when the FWSM receives an unknown malformed packet for one of it's interfaces IP and generates a syslog message with id 710006. This will result in loss of availability for the system. |
33055 | Cisco PIX / ASA inspect http Malformed HTTP Traffic DoS |
33054 | Cisco PIX / ASA inspect sip Malformed SIP Packet DoS |