7.8 - cisco-sa-20090408-asa

Executive Summary

Summary
Title	Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances

Informations
Name	cisco-sa-20090408-asa	First vendor Publication	2009-03-11
Vendor	Cisco	Last vendor Modification	2009-04-08
Severity (Vendor)	N/A	Revision	1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. This security advisory outlines the details of these vulnerabilities:

* VPN Authentication Bypass when Account Override Feature is Used vulnerability

* Crafted HTTP packet denial of service (DoS) vulnerability

* Crafted TCP Packet DoS vulnerability

* Crafted H.323 packet DoS vulnerability

* SQL*Net packet DoS vulnerability

* Access control list (ACL) bypass vulnerability

Workarounds are available for some of the vulnerabilities.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9 (...)

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-287	Improper Authentication
50 %	CWE-264	Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Cisco Adaptive Security Appliance 5500 cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:::::::* cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:::::::* cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:::::::* cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:::::::* cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.0:::::::*	5
Hardware	Cisco Pix cpe:2.3:h:cisco:pix:8.1:::::::* cpe:2.3:h:cisco:pix:8.0:::::::* cpe:2.3:h:cisco:pix:7.2:::::::* cpe:2.3:h:cisco:pix:7.1:::::::* cpe:2.3:h:cisco:pix:7.0:::::::*	5

Open Source Vulnerability Database (OSVDB)

Id	Description
53447	Cisco PIX / ASA Implicit Deny ACE Unspecified ACL Bypass PIX and ASA contain a flaw that may allow traffic to bypass the implicit deny statement of an ACL. It is possible that the flaw may allow unauthorized network traffic resulting in a loss of integrity.
53446	Cisco PIX / ASA SQL*Net Malformed Packet Sequence Remote DoS
53445	Cisco PIX / ASA Malformed TCP Packet Memory Consumption Remote DoS
53444	Cisco PIX / ASA H.323 Inspection Packet Handling Remote DoS
53442	Cisco PIX / ASA HTTP Packet Handling Remote DoS
53441	Cisco PIX / ASA Overide Account Feature VPN Authentication Bypass

Global Informations

Type	Count
CWE ID(s)	2
CPE ID(s)	10
osvdb(s)	6

	Related
7.8	CVE-2009-1159
7.8	CVE-2009-1158
7.8	CVE-2009-1157
7.8	CVE-2009-1155
5.7	CVE-2009-1156
4.3	CVE-2009-1160
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

7.8 - cisco-sa-20090408-asa

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU