7.8 - cisco-sa-20071017-fwsm

Executive Summary

Summary
Title	Multiple Vulnerabilities in Firewall Services Module (2)

Informations
Name	cisco-sa-20071017-fwsm	First vendor Publication	2007-08-24
Vendor	Cisco	Last vendor Modification	2007-10-31
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Two crafted packet vulnerabilities exist in the Cisco Firewall Services Module (FWSM) that may result in a reload of the FWSM. These vulnerabilities can be triggered during the processing of HTTPS requests, or during the processing of Media Gateway Control Protocol (MGCP) packets.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml

CWE : Common Weakness Enumeration

%	Id	Name
67 %	CWE-20	Improper Input Validation
33 %	CWE-264	Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Cisco Firewall Services Module cpe:2.3:h:cisco:firewall_services_module:3.2(1):::::::* cpe:2.3:h:cisco:firewall_services_module:3.1(6):::::::* cpe:2.3:h:cisco:firewall_services_module:3.1(5):::::::* cpe:2.3:h:cisco:firewall_services_module:3.1:::::::* cpe:2.3:h:cisco:firewall_services_module:2.3(1):::::::* cpe:2.3:h:cisco:firewall_services_module:2.3:::::::* cpe:2.3:h:cisco:firewall_services_module:2.2(1):::::::* cpe:2.3:h:cisco:firewall_services_module:2.2:::::::* cpe:2.3:h:cisco:firewall_services_module:2.1_(0.208):::::::* cpe:2.3:h:cisco:firewall_services_module:1.1.3:::::::* cpe:2.3:h:cisco:firewall_services_module:1.1.2:::::::* cpe:2.3:h:cisco:firewall_services_module:1.1_(3.005):::::::* cpe:2.3:h:cisco:firewall_services_module:::::::: cpe:2.3:h:cisco:firewall_services_module:-:::::::*	14
Os	Cisco Adaptive Security Appliance Software cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.8):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.7):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.19):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.17):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.16):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.15):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.14):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(2.10):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(1):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2(1.22):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1(2):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1(2.5):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1(2.49):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1(2.48):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1(2.27):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0(6.7):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0(5):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0(5.2):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0(4):::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:::::::* cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:::::::*	24

Open Source Vulnerability Database (OSVDB)

Id	Description
37946	Cisco Firewall Services Module (FWSM) ACL Manipulation Unspecified Corruption Cisco Firewall Services Module (FWSM) contains a design flaw that may allow corruption of access-lists (ACL). The issue could be triggered by manipulating access control list entries (ACE). It is possible that the ACL becomes corrupted and not evaluate certain ACE's in a proper way, so that denied traffic could be accepted and permitted traffic blocked by the firewall. This results in a loss of integrity.
37945	Cisco Firewall Services Module (FWSM) Crafted MGCP Packet Inspection DoS The Cisco Firewall Services Module (FWSM) contains a flaw that may allow a remote denial of service. The issue is triggered when special crafted MGCP packets are procesed by the inspection engine, and will result in loss of availability for the device.
37944	Cisco Firewall Services Module (FWSM) Crafted HTTPS Request Remote DoS Cisco Firewall Services Module (FWSM) contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTPS packet is processed by the device, and will result in loss of availability for the system.
37943	Cisco PIX / ASA Media Gateway Control Protocol (MGCP) Handling Remote DoS

Global Informations

Type	Count
CWE ID(s)	3
CPE ID(s)	38
osvdb(s)	4

	Related
7.8	CVE-2007-5570
7.1	CVE-2007-5568
6.8	CVE-2007-5571
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

7.8 - cisco-sa-20071017-fwsm

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU