The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of ASA

vulnerability alert CVE-2018-15465

Cisco ASA: privilege escalation via Web Management Interface

Synthesis of the vulnerability

An attacker can bypass restrictions via the Web Management Interface of Cisco ASA, in order to escalate their privileges.
Impacted products: ASA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading, data creation/edition.
Provenance: user account.
Creation date: 20/12/2018.
Identifiers: CERTFR-2018-AVI-605, cisco-sa-20181219-asa-privesc, CSCvm53531, CSCvn65527, CVE-2018-15465, VIGILANCE-VUL-28061.


vulnerability CVE-2018-15454

Cisco ASA: denial of service via SIP Inspection

Synthesis of the vulnerability

An attacker can generate a fatal error via SIP Inspection of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 05/11/2018.
Identifiers: cisco-sa-20181031-asaftd-sip-dos, CSCvm43975, CVE-2018-15454, VIGILANCE-VUL-27670, VU#339704.


vulnerability CVE-2018-15399

Cisco ASA: buffer overflow via TCP Syslog

Synthesis of the vulnerability

An attacker can generate a buffer overflow via TCP Syslog of Cisco ASA, in order to trigger a denial of service, and possibly to run code.
Impacted products: ASA.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: LAN.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-asa-syslog-dos, CSCvh73829, CVE-2018-15399, VIGILANCE-VUL-27400.


computer vulnerability announcement CVE-2018-15398

Cisco ASA: privilege escalation via ACL Per-user-override

Synthesis of the vulnerability

An attacker can bypass restrictions via ACL Per-user-override of Cisco ASA, in order to escalate their privileges.
Impacted products: ASA.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-asa-acl-bypass, CSCvj91858, CVE-2018-15398, VIGILANCE-VUL-27397.


vulnerability alert CVE-2018-0296

Cisco ASA: denial of service via Web Services

Synthesis of the vulnerability

An attacker can generate a fatal error via Web Services of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-393, cisco-sa-20180606-asaftd, CSCvi16029, CVE-2018-0296, VIGILANCE-VUL-26991.


vulnerability CVE-2018-0296

Cisco ASA: denial of service via HTTP URL

Synthesis of the vulnerability

An attacker can generate a fatal error via HTTP URL of Cisco ASA, in order to trigger a denial of service or to read information.
Impacted products: ASA.
Severity: 3/4.
Consequences: data reading, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 07/06/2018.
Revision date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-asaftd, CSCvi16029, CVE-2018-0296, VIGILANCE-VUL-26340.


computer vulnerability CVE-2018-0233

Cisco ASA Firepower: denial of service via SSL Packet Reassembly

Synthesis of the vulnerability

An attacker can generate a fatal error via SSL Packet Reassembly of Cisco ASA Firepower, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 20/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-fpsnort, CSCve23031, CVE-2018-0233, VIGILANCE-VUL-25935.


vulnerability bulletin CVE-2018-0229

Cisco ASA, Cisco AnyConnect: privilege escalation via SAML Authentication Session Fixation

Synthesis of the vulnerability

An attacker can bypass restrictions via SAML Authentication Session Fixation of Cisco ASA and Cisco AnyConnect, in order to escalate their privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client, ASA.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asaanyconnect, CSCvg65072, CSCvh87448, CVE-2018-0229, VIGILANCE-VUL-25923.


vulnerability announcement CVE-2018-0240

Cisco ASA: denial of service via Application Layer Protocol Inspection

Synthesis of the vulnerability

An attacker can generate a fatal error via Application Layer Protocol Inspection of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asa_inspect, CSCve61540, CSCvh23085, CSCvh95456, CVE-2018-0240, VIGILANCE-VUL-25922.


vulnerability alert CVE-2018-0231

Cisco ASA: denial of service via TLS

Synthesis of the vulnerability

An attacker can generate a fatal error via TLS of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asa3, CSCve18902, CSCve34335, CSCve38446, CVE-2018-0231, VIGILANCE-VUL-25921.
