Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в Cisco PIX / ASA / FWSM (multiple bugs)
Опубликовано:15 февраля 2007 г.
Источник:
SecurityVulns ID:7242
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные DoS-условия при разборе HTTP, SIP, TCP трафика, повышение привилегий.
Затронутые продукты:CISCO : PIX 6.3
 CISCO : PIX 7.0
 CISCO : FWSM 2.3
 CISCO : PIX 7.1
 CISCO : ASA 7.0
 CISCO : ASA 7.1
 CISCO : FWSM 3.1
 CISCO : PIX 7.2
 CISCO : ASA 7.2
 CISCO : ASA 6.3
CVE:CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.)
 CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests.)
 CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.)
 CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.)
 CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.)
 CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.)
 CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.)
 CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets.)
 CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.)
 CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module (15.02.2007)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances (15.02.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород