The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Adaptive Security Appliance

computer vulnerability CVE-2018-0233

Cisco ASA Firepower: denial of service via SSL Packet Reassembly

Synthesis of the vulnerability

An attacker can generate a fatal error via SSL Packet Reassembly of Cisco ASA Firepower, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 20/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-fpsnort, CSCve23031, CVE-2018-0233, VIGILANCE-VUL-25935.

Description of the vulnerability

An attacker can generate a fatal error via SSL Packet Reassembly of Cisco ASA Firepower, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-0229

Cisco ASA, Cisco AnyConnect: privilege escalation via SAML Authentication Session Fixation

Synthesis of the vulnerability

An attacker can bypass restrictions via SAML Authentication Session Fixation of Cisco ASA and Cisco AnyConnect, in order to escalate his privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client, ASA.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asaanyconnect, CSCvg65072, CSCvh87448, CVE-2018-0229, VIGILANCE-VUL-25923.

Description of the vulnerability

An attacker can bypass restrictions via SAML Authentication Session Fixation of Cisco ASA and Cisco AnyConnect, in order to escalate his privileges.

vulnerability announcement CVE-2018-0240

Cisco ASA: denial of service via Application Layer Protocol Inspection

Synthesis of the vulnerability

An attacker can generate a fatal error via Application Layer Protocol Inspection of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asa_inspect, CSCve61540, CSCvh23085, CSCvh95456, CVE-2018-0240, VIGILANCE-VUL-25922.

Description of the vulnerability

An attacker can generate a fatal error via Application Layer Protocol Inspection of Cisco ASA, in order to trigger a denial of service.

vulnerability alert CVE-2018-0231

Cisco ASA: denial of service via TLS

Synthesis of the vulnerability

An attacker can generate a fatal error via TLS of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asa3, CSCve18902, CSCve34335, CSCve38446, CVE-2018-0231, VIGILANCE-VUL-25921.

Description of the vulnerability

An attacker can generate a fatal error via TLS of Cisco ASA, in order to trigger a denial of service.

vulnerability CVE-2018-0228

Cisco ASA: denial of service via Flow Creation

Synthesis of the vulnerability

An attacker can generate a fatal error via Flow Creation of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asa2, CSCvf63718, CVE-2018-0228, VIGILANCE-VUL-25920.

Description of the vulnerability

An attacker can generate a fatal error via Flow Creation of Cisco ASA, in order to trigger a denial of service.

computer vulnerability note CVE-2018-0227

Cisco ASA: privilege escalation via VPN SSL Certificate Verification

Synthesis of the vulnerability

An attacker can bypass restrictions via VPN SSL Certificate Verification of Cisco ASA, in order to escalate his privileges.
Impacted products: ASA.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asa1, CSCvg40155, CVE-2018-0227, VIGILANCE-VUL-25919.

Description of the vulnerability

An attacker can bypass restrictions via VPN SSL Certificate Verification of Cisco ASA, in order to escalate his privileges.

computer vulnerability CVE-2018-0251

Cisco ASA: Cross Site Scripting via Clientless SSL VPN

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Clientless SSL VPN of Cisco ASA, in order to run JavaScript code in the context of the web site.
Impacted products: ASA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asawvpn2, CSCvh20742, CVE-2018-0251, VIGILANCE-VUL-25915.

Description of the vulnerability

The Cisco ASA product offers a web service.

However, it does not filter data received via Clientless SSL VPN before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Clientless SSL VPN of Cisco ASA, in order to run JavaScript code in the context of the web site.

vulnerability note CVE-2018-0242

Cisco ASA: Cross Site Scripting via WebVPN

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via WebVPN of Cisco ASA, in order to run JavaScript code in the context of the web site.
Impacted products: ASA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asawvpn, CSCvg33985, CVE-2018-0242, VIGILANCE-VUL-25914.

Description of the vulnerability

The Cisco ASA product offers a web service.

However, it does not filter data received via WebVPN before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via WebVPN of Cisco ASA, in order to run JavaScript code in the context of the web site.

vulnerability bulletin CVE-2018-0101

Cisco ASA: use after free via webvpn

Synthesis of the vulnerability

An attacker can force a double memory free in the TLS server of the webvpn feature of Cisco ASA, in order to trigger a denial of service, or to run machine code with root privileges.
Impacted products: ASA.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 30/01/2018.
Revision dates: 31/01/2018, 08/02/2018, 08/02/2018.
Identifiers: CERTFR-2018-ALE-002, CERTFR-2018-AVI-063, cisco-sa-20180129-asa1, CVE-2018-0101, VIGILANCE-VUL-25173.

Description of the vulnerability

An attacker can force a double memory free in the TLS server of the webvpn feature of Cisco ASA, in order to trigger a denial of service, or to run machine code with root privileges.

computer vulnerability announcement CVE-2017-12373 CVE-2017-17428

Cisco ACE/ASA: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of Cisco ACE/ASA, in order to obtain sensitive information.
Impacted products: Cisco ACE, ASA.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/12/2017.
Revision date: 14/12/2017.
Identifiers: cisco-sa-20171212-bleichenbacher, CSCvg74693, CSCvg97652, CSCvh10981, CSCvh25064, CVE-2017-12373, CVE-2017-17428, VIGILANCE-VUL-24747.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of Cisco ACE/ASA, in order to obtain sensitive information.