Executive Summary
| Summary | |
|---|---|
| Title | Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20080903-asa | First vendor Publication | 2008-06-18 |
| Vendor | Cisco | Last vendor Modification | 2008-09-03 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may result in a reload of the device or disclosure of confidential information. This security advisory outlines details of the following vulnerabilities: * Erroneous SIP Processing Vulnerabilities Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available. |
Original Source
| Url : http://www.cisco.com/warp/public/707/cisco-sa-20080903-asa.shtml |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-399 | Resource Management Errors |
| 33 % | CWE-200 | Information Exposure |
| 33 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Hardware | 3 | |
| Hardware | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 47924 | Cisco PIX / ASA Clientless VPN Termination Remote Information Disclosure |
| 47923 | Cisco PIX / ASA SSL VPN URI Processing Error Unspecified Issue |
| 47922 | Cisco PIX / ASA SSL VPN Crafted Packet Remote Memory Leak Remote DoS |
| 47921 | Cisco PIX / ASA IPSec Client Crafted Authentication Request Unspecified Issue |
| 47920 | Cisco PIX / ASA SIP Packet Processing Remote DoS |
