The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PIX

computer vulnerability bulletin CVE-2013-5560

Cisco ASA: denial of service via IPv6 NAT

Synthesis of the vulnerability

An attacker can send an IPv6 packet, which is translated on Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 12/11/2013.
Identifiers: BID-63650, CSCue34342, CVE-2013-5560, VIGILANCE-VUL-13738.

Description of the vulnerability

An attacker can send an IPv6 packet, which is translated on Cisco ASA, in order to trigger a denial of service.

computer vulnerability announce CVE-2013-5568

Cisco ASA: denial of service via Auto-Update

Synthesis of the vulnerability

An attacker can provide malicious Auto-Update data that causes Cisco ASA to reload, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 12/11/2013.
Identifiers: BID-63628, CSCui33308, CVE-2013-5568, VIGILANCE-VUL-13737.

Description of the vulnerability

An attacker can provide malicious Auto-Update data that causes Cisco ASA to reload, in order to trigger a denial of service.

computer vulnerability alert CVE-2013-6682

Cisco ASA: altering the Phone Proxy Database

Synthesis of the vulnerability

An attacker can use an untrusted certificate, in order to insert an entry in the Phone Proxy Database of Cisco ASA.
Impacted products: ASA.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet client.
Creation date: 12/11/2013.
Identifiers: BID-63624, CSCui33299, CVE-2013-6682, VIGILANCE-VUL-13736.

Description of the vulnerability

An attacker can use an untrusted certificate, in order to insert an entry in the Phone Proxy Database of Cisco ASA.

vulnerability announce CVE-2013-5561

Cisco ASA: bypassing CX Safe Search Policy

Synthesis of the vulnerability

An attacker can send a special HTTP query, in order to bypass Cisco ASA CX Context-Aware Security.
Impacted products: ASA.
Severity: 2/4.
Consequences: data flow.
Provenance: intranet client.
Creation date: 04/11/2013.
Identifiers: BID-63492, CSCui94622, CVE-2013-5561, VIGILANCE-VUL-13692.

Description of the vulnerability

An attacker can send a special HTTP query, in order to bypass Cisco ASA CX Context-Aware Security.

computer vulnerability note CVE-2013-5551

Cisco ASA: denial of service via SSL VPN Rewriter

Synthesis of the vulnerability

An attacker can generate an error in the SSL VPN Rewriter of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user account.
Creation date: 30/10/2013.
Identifiers: BID-63406, CSCui51199, CVE-2013-5551, VIGILANCE-VUL-13669.

Description of the vulnerability

The Cisco ASA product allows authenticated users to browse through the Clientless SSL VPN Portal.

However, when same-security-traffic and management-access are configured, an attacker can modify the URL to create an infinite recursive call.

An attacker can therefore generate an error in the SSL VPN Rewriter of Cisco ASA, in order to trigger a denial of service.

vulnerability CVE-2013-5544

Cisco ASA: denial of service via username-from-cert

Synthesis of the vulnerability

When Cisco ASA is configured with a "username-from-cert" VPN authentication, an attacker can send numerous IKE queries, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 22/10/2013.
Identifiers: BID-63262, CSCua91108, CVE-2013-5544, VIGILANCE-VUL-13630.

Description of the vulnerability

When Cisco ASA is configured with a "username-from-cert" VPN authentication, an attacker can send numerous IKE queries, in order to trigger a denial of service.

computer vulnerability announce CVE-2013-3415 CVE-2013-5507 CVE-2013-5508

Cisco ASA: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Cisco ASA.
Impacted products: ASA.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 10.
Creation date: 09/10/2013.
Identifiers: BID-62910, BID-62911, BID-62912, BID-62913, BID-62914, BID-62915, BID-62916, BID-62917, BID-62919, BID-63202, CERTA-2013-AVI-569, cisco-sa-20131009-asa, CSCtt36737, CSCua22709, CSCub98434, CSCud37992, CSCue18975, CSCuf52468, CSCug03975, CSCug83401, CSCuh44815, CSCui34914, CSCui77398, CVE-2013-3415, CVE-2013-5507, CVE-2013-5508, CVE-2013-5509, CVE-2013-5510, CVE-2013-5511, CVE-2013-5512, CVE-2013-5513, CVE-2013-5515, CVE-2013-5542, VIGILANCE-VUL-13577.

Description of the vulnerability

Several vulnerabilities were announced in Cisco ASA.

An attacker can send an ICMP packet in a VPN tunnel, in order to trigger a denial of service. [severity:3/4; BID-62910, CSCue18975, CVE-2013-5507]

An attacker can send a SQL*Net TNS (Transparent Network Substrate) packet, in order to trigger a denial of service. [severity:2/4; BID-62912, CSCub98434, CSCui34914, CVE-2013-5508]

An attacker can bypass the certificate authentication. [severity:4/4; BID-62911, CSCuf52468, CVE-2013-5509]

An attacker can bypass the VPN authentication. [severity:3/4; BID-62914, CSCug83401, CVE-2013-5510]

An attacker can bypass the HTTP certificate authentication. [severity:4/4; BID-62917, CSCuh44815, CVE-2013-5511]

An attacker can send an HTTP packet, in order to trigger a denial of service. [severity:3/4; BID-62916, CSCud37992, CVE-2013-5512]

An attacker can send a DNS packet, in order to trigger a denial of service. [severity:3/4; BID-62913, CSCug03975, CVE-2013-5513]

An attacker can exhaust all memory via AnyConnect SSL VPN, in order to trigger a denial of service. [severity:3/4; BID-62915, CSCtt36737, CVE-2013-3415]

An attacker can send an HTTPS query to the Clientless SSL VPN, in order to trigger a denial of service. [severity:3/4; BID-62919, CSCua22709, CVE-2013-5515]

An attacker can send an ICMP packet, in order to trigger a denial of service. [severity:3/4; BID-63202, CSCui77398, CVE-2013-5542]

computer vulnerability bulletin CVE-2013-3458

Cisco ASA: denial of service via Certificate Processing

Synthesis of the vulnerability

An attacker can use a heavy SSL/TLS traffic load, in order to trigger a denial of service during the certificate processing of Cisco ASA.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 06/09/2013.
Identifiers: BID-62251, CSCuh19462, CVE-2013-3458, VIGILANCE-VUL-13358.

Description of the vulnerability

An attacker can use a heavy SSL/TLS traffic load, in order to trigger a denial of service during the certificate processing of Cisco ASA.

computer vulnerability bulletin CVE-2013-3463

Cisco ASA: denial of service via Idle Timeout

Synthesis of the vulnerability

An attacker can send packets which are inspected by Cisco ASA, to generate an error in the management of the Idle Timeout, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: intranet client.
Creation date: 30/08/2013.
Identifiers: CSCuh13899, CVE-2013-3463, VIGILANCE-VUL-13338.

Description of the vulnerability

An attacker can send packets which are inspected by Cisco ASA, to generate an error in the management of the Idle Timeout, in order to trigger a denial of service.

computer vulnerability alert CVE-2013-3414

Cisco ASA: Cross Site Scripting of WebVPN

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in WebVPN of Cisco ASA, in order to execute JavaScript code in the context of the web site.
Impacted products: ASA.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/07/2013.
Identifiers: BID-61451, CSCug83080, CVE-2013-3414, VIGILANCE-VUL-13166.

Description of the vulnerability

The Cisco ASA product offers a WebVPN portal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in WebVPN of Cisco ASA, in order to execute JavaScript code in the context of the web site.