The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco Adaptive Security Appliance

computer vulnerability announce CVE-2017-12373 CVE-2017-17428

Cisco ACE/ASA: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of Cisco ACE/ASA, in order to obtain sensitive information.
Impacted products: Cisco ACE, ASA.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/12/2017.
Revision date: 14/12/2017.
Identifiers: cisco-sa-20171212-bleichenbacher, CSCvg74693, CSCvg97652, CSCvh10981, CSCvh25064, CVE-2017-12373, CVE-2017-17428, VIGILANCE-VUL-24747.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack (VIGILANCE-VUL-24749) of Cisco ACE/ASA, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-12299

Cisco ASA Next-Generation Firewall Services: privilege escalation via Local Management Filtering

Synthesis of the vulnerability

An attacker can bypass restrictions via Local Management Filtering of Cisco ASA Next-Generation Firewall Services, in order to escalate his privileges.
Impacted products: ASA.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-firepower1, CSCvd97962, CVE-2017-12299, VIGILANCE-VUL-24476.

Description of the vulnerability

An attacker can bypass restrictions via Local Management Filtering of Cisco ASA Next-Generation Firewall Services, in order to escalate his privileges.

vulnerability note CVE-2017-13077 CVE-2017-13078 CVE-2017-13079

WPA2: information disclosure via Key Reinstallation Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, ArubaOS, Cisco Aironet, Cisco AnyConnect Secure Mobility Client, ASA, Meraki MR***, Cisco IP Phone, Cisco Wireless IP Phone, Debian, Fedora, FortiGate, FortiOS, FreeBSD, Android OS, Junos OS, SSG, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, openSUSE Leap, pfSense, 802.11 protocol, RHEL, RuggedSwitch, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data reading.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 10.
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.

Description of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.

vulnerability note CVE-2017-12245

Cisco ASA: memory leak via Firepower SSL Decryption

Synthesis of the vulnerability

An attacker can create a memory leak via Firepower SSL Decryption of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 05/10/2017.
Identifiers: CERTFR-2017-AVI-333, cisco-sa-20171004-ftd, CSCve02069, CVE-2017-12245, VIGILANCE-VUL-24034.

Description of the vulnerability

An attacker can create a memory leak via Firepower SSL Decryption of Cisco ASA, in order to trigger a denial of service.

vulnerability bulletin CVE-2017-12244

Cisco ASA: denial of service via Firepower IPv6

Synthesis of the vulnerability

An attacker can generate a fatal error via Firepower IPv6 of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 05/10/2017.
Identifiers: CERTFR-2017-AVI-333, cisco-sa-20171004-fpsnort, CSCvd34776, CVE-2017-12244, VIGILANCE-VUL-24033.

Description of the vulnerability

An attacker can generate a fatal error via Firepower IPv6 of Cisco ASA, in order to trigger a denial of service.

vulnerability announce CVE-2017-12246

Cisco ASA: denial of service via Direct Authentication

Synthesis of the vulnerability

An attacker can generate a fatal error via Direct Authentication of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 05/10/2017.
Identifiers: CERTFR-2017-AVI-333, cisco-sa-20171004-asa, CSCvd59063, CVE-2017-12246, VIGILANCE-VUL-24032.

Description of the vulnerability

An attacker can generate a fatal error via Direct Authentication of Cisco ASA, in order to trigger a denial of service.

vulnerability alert CVE-2017-12265

Cisco ASA: Cross Site Scripting via HREF

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via HREF of Cisco ASA, in order to run JavaScript code in the context of the web site.
Impacted products: ASA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/10/2017.
Identifiers: CERTFR-2017-AVI-333, cisco-sa-20171004-asa1, CSCve91068, CVE-2017-12265, VIGILANCE-VUL-24031.

Description of the vulnerability

The Cisco ASA product offers a web service.

However, it does not filter data received via HREF before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via HREF of Cisco ASA, in order to run JavaScript code in the context of the web site.

vulnerability note CVE-2017-6752

Cisco ASA: information disclosure via Username Enumeration

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Username Enumeration of Cisco ASA, in order to obtain sensitive information.
Impacted products: ASA.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 03/08/2017.
Identifiers: cisco-sa-20170802-asa2, CSCvd47888, CVE-2017-6752, VIGILANCE-VUL-23444.

Description of the vulnerability

An attacker can bypass access restrictions to data via Username Enumeration of Cisco ASA, in order to obtain sensitive information.

vulnerability bulletin CVE-2017-6765

Cisco ASA: Cross Site Scripting via WebVPN

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via WebVPN of Cisco ASA, in order to run JavaScript code in the context of the web site.
Impacted products: ASA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/08/2017.
Identifiers: cisco-sa-20170802-asa1, CSCve19179, CVE-2017-6765, VIGILANCE-VUL-23443.

Description of the vulnerability

The Cisco ASA product offers a web service.

However, it does not filter data received via WebVPN before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via WebVPN of Cisco ASA, in order to run JavaScript code in the context of the web site.

vulnerability announce CVE-2017-6764

Cisco ASA: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco ASA, in order to run JavaScript code in the context of the web site.
Impacted products: ASA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/08/2017.
Identifiers: cisco-sa-20170802-asa, CSCvd82064, CVE-2017-6764, VIGILANCE-VUL-23442.

Description of the vulnerability

The Cisco ASA product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco ASA, in order to run JavaScript code in the context of the web site.