The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco PIX Software

computer vulnerability bulletin CVE-2015-4321

Cisco ASA: bypassing uRPF

Synthesis of the vulnerability

An attacker can spoof a packet to Cisco ASA, so it is forwarded to the internal network.
Impacted products: ASA.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 13/08/2015.
Identifiers: 40440, CSCuv60724, CVE-2015-4321, VIGILANCE-VUL-17668.

Description of the vulnerability

The Cisco ASA product offers the Unicast Reverse Path Forwarding feature.

However, an attacker can spoof an internal IP address, in order to bypass uRPF.

An attacker can therefore spoof a packet to Cisco ASA, so it is forwarded to the internal network.

vulnerability announce CVE-2015-4458

Cisco ASA: altering TLS packets

Synthesis of the vulnerability

An attacker can alter a TLS packet, without being detected by Cisco ASA.
Impacted products: ASA.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/07/2015.
Identifiers: 39919, CSCuu52976, CVE-2015-4458, CVE-2015-4558-ERROR, VIGILANCE-VUL-17412.

Description of the vulnerability

The Cisco ASA product uses the Cavium Networks module to process TLS packets.

However, it does not check the MAC of packets.

An attacker can therefore alter a TLS packet, without being detected by Cisco ASA.

computer vulnerability announce CVE-2015-1793

OpenSSL: X.509 certification chain forgery

Synthesis of the vulnerability

An attacker can force OpenSSL to accept spoofed certificates, in order to eavesdrop on encrypted communications or bypass signature-based authentication.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, ASA, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Clearswift Email Gateway, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, hMailServer, HP Switch, HP-UX, IRAD, Juniper J-Series, Junos OS, McAfee Email Gateway, McAfee NGFW, Nodejs Core, OpenSSL, Oracle Communications, Solaris, Slackware, Splunk Enterprise, stunnel, Synology DSM, Synology DS***, Synology RS***, Nessus, Websense Web Security, WinSCP, X2GoClient.
Severity: 3/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: internet client.
Creation date: 09/07/2015.
Identifiers: 1962398, 1963151, BSA-2015-009, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-285, CERTFR-2015-AVI-431, cisco-sa-20150710-openssl, cpuoct2017, CVE-2015-1793, FEDORA-2015-11414, FEDORA-2015-11475, FreeBSD-SA-15:12.openssl, HPSBHF03613, HPSBUX03388, JSA10694, SB10125, SOL16937, SPL-103044, SSA:2015-190-01, SSRT102180, VIGILANCE-VUL-17337.

Description of the vulnerability

A certificate validation begins with the creation of a certificate chain, where each certificate provides the public key used to check the signature of the next certificate.

The creation of this chain may be non-deterministic, especially when some identifying X.509v3 extensions such as "Authority Key Identifier" are not provided. When a candidate chain does not allow a given certificate to be validated, OpenSSL 1.0.1 and 1.0.2 attempt to find another candidate chain. However, during these attempts, some required checks on the chain are no longer performed. As a consequence, an attacker can make OpenSSL use the attacker's own certificate as a CA certificate, even if it includes the "basicConstraints" extension stating "CA: no". The attacker can then create certificates for any name.

This vulnerability impacts clients checking a server certificate, and TLS servers checking a client certificate.

An attacker can therefore force OpenSSL to accept spoofed certificates, in order to eavesdrop on encrypted communications or bypass signature-based authentication.

computer vulnerability bulletin CVE-2014-3382 CVE-2014-3383 CVE-2014-3384

Cisco ASA: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Cisco ASA.
Impacted products: ASA.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 13.
Creation date: 08/10/2014.
Revision date: 09/07/2015.
Identifiers: CERTFR-2014-AVI-410, cisco-sa-20141008-asa, CSCtq52661, CSCul36176, CSCum00556, CSCum46027, CSCum56399, CSCum96401, CSCun10916, CSCun11074, CSCuo68327, CSCup36829, CSCuq28582, CSCuq29136, CSCuq41510, CSCuq47574, CVE-2014-3382, CVE-2014-3383, CVE-2014-3384, CVE-2014-3385, CVE-2014-3386, CVE-2014-3387, CVE-2014-3388, CVE-2014-3389, CVE-2014-3390, CVE-2014-3391, CVE-2014-3392, CVE-2014-3393, CVE-2014-3394, VIGILANCE-VUL-15448.

Description of the vulnerability

Several vulnerabilities were announced in Cisco ASA.

An attacker can use SQL REDIRECT packets, in order to trigger a denial of service in SQL*NET Inspection Engine. [severity:2/4; CSCum46027, CVE-2014-3382]

An attacker can use UDP packets, in order to trigger a denial of service in VPN IKE. [severity:3/4; CSCul36176, CVE-2014-3383]

An attacker can send IKEv2 packets, in order to trigger a denial of service. [severity:3/4; CSCum96401, CVE-2014-3384]

An attacker can send a malicious TCP packet, in order to trigger a denial of service in Health and Performance Monitoring. [severity:3/4; CSCum00556, CVE-2014-3385]

An attacker can send a malicious GTP packet, in order to trigger a denial of service. [severity:3/4; CSCum56399, CVE-2014-3386]

An attacker can send a malicious SunRPC packet, in order to trigger a denial of service. [severity:3/4; CSCun11074, CVE-2014-3387]

An attacker can send a malicious DNS packet, in order to trigger a denial of service. [severity:3/4; CSCuo68327, CVE-2014-3388]

An attacker can send a malicious VPN packet, in order to trigger a denial of service. [severity:3/4; CSCuq28582, CVE-2014-3389]

An authenticated attacker can use Virtual Network Management Center, in order to execute code. [severity:3/4; CSCuq41510, CSCuq47574, CVE-2014-3390]

An attacker can use LD_LIBRARY_PATH, in order to execute code. [severity:3/4; CSCtq52661, CVE-2014-3391]

An attacker can read a memory fragment via Clientless SSL VPN, in order to obtain sensitive information. [severity:2/4; CSCuq29136, CVE-2014-3392]

An attacker can alter objects in RAMFS, in order to escalate his privileges. [severity:2/4; CSCup36829, CVE-2014-3393]

An attacker can bypass the certificate validation of Smart Call Home Digital. [severity:2/4; CSCun10916, CVE-2014-3394]

computer vulnerability CVE-2015-4241

Cisco Adaptive Security Appliance: denial of service via OSPFv2

Synthesis of the vulnerability

An attacker can send a specially crafted OSPFv2 packet to a device running Cisco Adaptive Security Appliance Software, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 08/07/2015.
Identifiers: 39641, CVE-2015-4241, VIGILANCE-VUL-17325.

Description of the vulnerability

The Cisco Adaptive Security Appliance product implements the routing protocol OSPF version 2.

However, the server process does not handle some kinds of error in the packet format. When a packet matching one of these special cases is received, a fatal error occurs. This leads to device halt then device restart.

This vulnerability closely resembles the one described in VIGILANCE-VUL-17301. (The two Cisco announcements are almost word-for-word identical.)

An attacker can therefore send a specially crafted OSPFv2 packet to a device running Cisco Adaptive Security Appliance Software, in order to trigger a denial of service.

vulnerability alert CVE-2015-4239

Cisco Adaptive Security Appliance: denial of service via OSPFv2

Synthesis of the vulnerability

An attacker can send a specially crafted OSPFv2 packet to a device running Cisco Adaptive Security Appliance Software, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: LAN.
Creation date: 03/07/2015.
Identifiers: 39612, CVE-2015-4239, VIGILANCE-VUL-17301.

Description of the vulnerability

The Cisco Adaptive Security Appliance product implements the routing protocol OSPF version 2.

However, the server process does not handle some kinds of error in the packet format. When a packet matching one of these special cases is received, a fatal error occurs. This leads to device halt then device restart.

An attacker can therefore send a specially crafted OSPFv2 packet to a device running Cisco Adaptive Security Appliance Software, in order to trigger a denial of service.

computer vulnerability alert CVE-2015-4238

Cisco Adaptive Security Appliance: denial of service via SNMP

Synthesis of the vulnerability

An attacker can send malicious SNMP packets to Cisco Adaptive Security Appliance, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 02/07/2015.
Identifiers: 39611, CVE-2015-4238, VIGILANCE-VUL-17296.

Description of the vulnerability

The Cisco Adaptive Security Appliance product has a service to manage received SNMP packets.

However, under a high traffic load, the processing of some SNMP packets triggers a fatal error, which leads to a system halt and then a system restart.

An attacker can therefore send malicious SNMP packets to Cisco Adaptive Security Appliance, in order to trigger a denial of service.

computer vulnerability announce CVE-2015-4550

Cisco Adaptive Security Appliance: lack of integrity check of IPsec flows

Synthesis of the vulnerability

An attacker can change IPsec packets or inject new ones to be handled by Cisco Adaptive Security Appliance, in order to corrupt the plain text.
Impacted products: ASA.
Severity: 1/4.
Consequences: data creation/edition, data flow.
Provenance: internet client.
Creation date: 18/06/2015.
Identifiers: 39366, CVE-2015-4550, VIGILANCE-VUL-17167.

Description of the vulnerability

The Cisco Adaptive Security Appliance product can use the cryptographic component Cavium Networks for checking the integrity of the packet flow.

However, when the used algorithm is AES with the GCM mode, the message authentication code is not verified.

An attacker can therefore change IPsec packets or inject new ones to be handled by Cisco Adaptive Security Appliance, in order to corrupt the plain text.

computer vulnerability bulletin CVE-2014-8176

OpenSSL: use after free via DTLS

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via DTLS in OpenSSL, in order to trigger a denial of service, and possibly to execute code.
Impacted products: ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, Cisco WSA, Debian, BIG-IP Hardware, TMOS, HP Switch, AIX, IRAD, McAfee Email and Web Security, McAfee Email Gateway, Data ONTAP 7-Mode, Snap Creator Framework, SnapManager, NetBSD, OpenSSL, openSUSE, Palo Alto Firewall PA***, PAN-OS, pfSense, RHEL, stunnel, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 12/06/2015.
Identifiers: 1961569, 9010038, 9010039, BSA-2015-006, c05184351, CERTFR-2015-AVI-257, cisco-sa-20150612-openssl, CVE-2014-8176, DSA-3287-1, HPSBHF03613, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1277-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, SA98, SB10122, SOL16920, USN-2639-1, VIGILANCE-VUL-17118.

Description of the vulnerability

The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol.

However, if data are received between the ChangeCipherSpec and Finished messages, OpenSSL frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via DTLS in OpenSSL, in order to trigger a denial of service, and possibly to execute code.

computer vulnerability announce CVE-2015-1788 CVE-2015-1789 CVE-2015-1790

OpenSSL: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, AnyConnect VPN Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Encryption, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Prime Network Control Systems, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, Cisco WSA, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FortiOS, FreeBSD, HP Operations, HP Switch, HP-UX, AIX, DB2 UDB, IRAD, Security Directory Server, SPSS Modeler, Tivoli Workload Scheduler, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SBR, McAfee Email and Web Security, McAfee Email Gateway, McAfee Web Gateway, Data ONTAP 7-Mode, Snap Creator Framework, SnapManager, NetBSD, NetScreen Firewall, ScreenOS, Nodejs Core, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, Puppet, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/06/2015.
Identifiers: 1450666, 1610582, 1647054, 1961111, 1961569, 1964113, 1964766, 1966038, 1970103, 1972125, 9010038, 9010039, BSA-2015-006, bulletinjul2015, c04760669, c05184351, c05353965, CERTFR-2015-AVI-257, CERTFR-2015-AVI-431, CERTFR-2016-AVI-128, CERTFR-2016-AVI-303, cisco-sa-20150612-openssl, cpuapr2017, cpuoct2017, CTX216642, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, DSA-3287-1, FEDORA-2015-10047, FEDORA-2015-10108, FreeBSD-SA-15:10.openssl, HPSBGN03678, HPSBHF03613, HPSBUX03388, JSA10694, JSA10733, NetBSD-SA2015-008, NTAP-20150616-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2015:2243-1, openSUSE-SU-2016:0640-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1115-01, RHSA-2015:1197-01, SA40002, SA98, SB10122, SOL16898, SOL16913, SOL16915, SOL16938, SSA:2015-162-01, SSRT102180, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, TNS-2015-07, TSB16728, USN-2639-1, VIGILANCE-VUL-17117.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can generate an infinite loop via ECParameters, in order to trigger a denial of service. [severity:2/4; CVE-2015-1788]

An attacker can force a read at an invalid address in X509_cmp_time(), in order to trigger a denial of service. [severity:2/4; CVE-2015-1789]

An attacker can force a NULL pointer to be dereferenced via EnvelopedContent, in order to trigger a denial of service. [severity:2/4; CVE-2015-1790]

An attacker can generate an infinite loop via CMS signedData, in order to trigger a denial of service. [severity:2/4; CVE-2015-1792]