Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Cisco ASA / FWSM
дополнено с 15 апреля 2013 г.
Опубликовано:22 апреля 2013 г.
Источник:
SecurityVulns ID:13011
Тип:удаленная
Уровень опасности:
6/10
Описание:Многочисленные DoS-условия.
Затронутые продукты:CISCO : Cisco ASA 5500
 CISCO : Cisco ASA 1000V
CVE:CVE-2013-1194 (The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708.)
 CVE-2013-1155 (The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624.)
 CVE-2013-1152 (Cisco Adaptive Security Appliances (ASA) devices with software 9.0 before 9.0(1.2) allow remote attackers to cause a denial of service (device reload) via a crafted field in a DNS message, aka Bug ID CSCuc80080.)
 CVE-2013-1151 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5), 8.5 before 8.5(1.17), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3) allow remote attackers to cause a denial of service (device reload) via a crafted certificate, aka Bug ID CSCuc72408.)
 CVE-2013-1150 (The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.)
 CVE-2013-1149 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.28), 8.1 and 8.2 before 8.2(5.35), 8.3 before 8.3(2.34), 8.4 before 8.4(4.11), 8.6 before 8.6(1.10), and 8.7 before 8.7(1.3), and Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(24.1) and 4.0 and 4.1 before 4.1(11.1), allow remote attackers to cause a denial of service (device reload) via a crafted IKEv1 message, aka Bug IDs CSCub85692 and CSCud20267.)
Оригинальный текстdocumentTrustwave Advisories, TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation (22.04.2013)
Файлы:Multiple Vulnerabilities in Cisco ASA Software
 Multiple Vulnerabilities in Cisco Firewall Services Module Software

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород