Executive Summary
Summary | |
---|---|
Title | LDAP and VPN Vulnerabilities in PIX and ASA Appliances |
Information | |||
---|---|---|---|
Name | cisco-sa-20070502-asa | First vendor Publication | 2007-03-13 |
Vendor | Cisco | Last vendor Modification | 2008-04-24 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Multiple vulnerabilities exist in the Cisco Adaptive Security Appliance (ASA) and PIX security appliances. These vulnerabilities include two Lightweight Directory Access Protocol (LDAP) authentication bypass vulnerabilities and two denial of service (DoS) vulnerabilities. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20070502-asa.shtml |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35333 | Cisco PIX / ASA Crafted Clientless SSL Connection Race Condition DoS: PIX/ASA contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw in the SSL VPN HTTP server related to processing non-standard SSL sessions, and will result in loss of availability for the platform. |
35332 | Cisco PIX / ASA Unspecified VPN Connection DoS: PIX/ASA contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw related to the password-management command used in VPN tunnel configuration, and will result in reloading the device. |
35331 | Cisco PIX / ASA Unspecified LDAP Authentication Bypass: PIX/ASA contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered by an unspecified flaw in the LDAP implementation involving L2TP and Remote Management Access. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity. |