The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PIX

computer vulnerability alert CVE-2014-0655

Cisco ASA: modify the user cache of IDFW

Synthesis of the vulnerability

An attacker can send a RADIUS CoA (Change of Authorization) message to the IDFW (Identity Firewall) of Cisco ASA, in order to modify the IDFW user cache.
Impacted products: ASA.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 08/01/2014.
Identifiers: BID-64700, CSCuj45332, CVE-2014-0655, VIGILANCE-VUL-14036.

Description of the vulnerability

An attacker can send a RADIUS CoA (Change of Authorization) message to the IDFW (Identity Firewall) of Cisco ASA, in order to modify the IDFW user cache.

computer vulnerability CVE-2014-0653

Cisco ASA: denial of service via NetBIOS Logout Probe

Synthesis of the vulnerability

An attacker can send a malicious NetBIOS Logout Probe reply to Cisco ASA, in order to trigger a denial of service on the currently authorized user.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 08/01/2014.
Identifiers: BID-64708, CSCuj45340, CVE-2014-0653, VIGILANCE-VUL-14035.

Description of the vulnerability

The NetBIOS Logout Probe feature can be enabled on IDFW (Identity Firewall) of Cisco ASA.

An attacker can send a malicious NetBIOS Logout Probe reply to Cisco ASA, in order to trigger a denial of service on the currently authorized user.

computer vulnerability alert CVE-2013-6707

Cisco ASA: memory leak via Management

Synthesis of the vulnerability

An unauthenticated attacker can create a memory leak in the Management sessions (SSH, Telnet, HTTP and HTTPS) of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 06/12/2013.
Identifiers: BID-64148, CSCug33233, CVE-2013-6707, VIGILANCE-VUL-13886.

Description of the vulnerability

An unauthenticated attacker can create a memory leak in the Management sessions (SSH, Telnet, HTTP and HTTPS) of Cisco ASA, in order to trigger a denial of service.

vulnerability alert CVE-2013-6696

Cisco ASA: denial of service via DNS Reply

Synthesis of the vulnerability

An attacker can send malformed DNS replies to Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 02/12/2013.
Identifiers: BID-64037, CSCuj28861, CVE-2013-6696, VIGILANCE-VUL-13851.

Description of the vulnerability

An attacker can send malformed DNS replies to Cisco ASA, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2013-5560

Cisco ASA: denial of service via IPv6 NAT

Synthesis of the vulnerability

An attacker can send an IPv6 packet, which is translated on Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 12/11/2013.
Identifiers: BID-63650, CSCue34342, CVE-2013-5560, VIGILANCE-VUL-13738.

Description of the vulnerability

An attacker can send an IPv6 packet, which is translated on Cisco ASA, in order to trigger a denial of service.

computer vulnerability announce CVE-2013-5568

Cisco ASA: denial of service via Auto-Update

Synthesis of the vulnerability

An attacker can provide malicious Auto-Update data that causes Cisco ASA to reload, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: document.
Creation date: 12/11/2013.
Identifiers: BID-63628, CSCui33308, CVE-2013-5568, VIGILANCE-VUL-13737.

Description of the vulnerability

An attacker can provide malicious Auto-Update data that causes Cisco ASA to reload, in order to trigger a denial of service.

computer vulnerability alert CVE-2013-6682

Cisco ASA: altering the Phone Proxy Database

Synthesis of the vulnerability

An attacker can use an untrusted certificate, in order to insert an entry in the Phone Proxy Database of Cisco ASA.
Impacted products: ASA.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet client.
Creation date: 12/11/2013.
Identifiers: BID-63624, CSCui33299, CVE-2013-6682, VIGILANCE-VUL-13736.

Description of the vulnerability

An attacker can use an untrusted certificate, in order to insert an entry in the Phone Proxy Database of Cisco ASA.

vulnerability announce CVE-2013-5561

Cisco ASA: bypassing CX Safe Search Policy

Synthesis of the vulnerability

An attacker can send a special HTTP query, in order to bypass Cisco ASA CX Context-Aware Security.
Impacted products: ASA.
Severity: 2/4.
Consequences: data flow.
Provenance: intranet client.
Creation date: 04/11/2013.
Identifiers: BID-63492, CSCui94622, CVE-2013-5561, VIGILANCE-VUL-13692.

Description of the vulnerability

An attacker can send a special HTTP query, in order to bypass Cisco ASA CX Context-Aware Security.

computer vulnerability note CVE-2013-5551

Cisco ASA: denial of service via SSL VPN Rewriter

Synthesis of the vulnerability

An attacker can generate an error in the SSL VPN Rewriter of Cisco ASA, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user account.
Creation date: 30/10/2013.
Identifiers: BID-63406, CSCui51199, CVE-2013-5551, VIGILANCE-VUL-13669.

Description of the vulnerability

The Cisco ASA product allows authenticated users to browse through the Clientless SSL VPN Portal.

However, when same-security-traffic and management-access are configured, an attacker can modify the URL to create an infinite recursive call.

An attacker can therefore generate an error in the SSL VPN Rewriter of Cisco ASA, in order to trigger a denial of service.

vulnerability CVE-2013-5544

Cisco ASA: denial of service via username-from-cert

Synthesis of the vulnerability

When Cisco ASA is configured with a "username-from-cert" VPN authentication, an attacker can send numerous IKE queries, in order to trigger a denial of service.
Impacted products: ASA.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 22/10/2013.
Identifiers: BID-63262, CSCua91108, CVE-2013-5544, VIGILANCE-VUL-13630.

Description of the vulnerability

When Cisco ASA is configured with a "username-from-cert" VPN authentication, an attacker can send numerous IKE queries, in order to trigger a denial of service.