Vulnerability CVE-2010-2815


Published: 2010-08-09   Modified: 2012-02-13

Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259.

Type:

CWE-noinfo

Vendor: Cisco
Product: Adaptive security appliance 
Version:
8.3
8.2(2)
8.2(1)
8.2
8.1(2)
8.1(1)
8.0(5)
8.0(4)
8.0(3)
8.0(2)
8.0
7.2(5)
7.2(4)
7.2(3)
7.2(2.8)
7.2(2.7)
7.2(2.5)
7.2(2.48)
7.2(2.19)
7.2(2.17)
7.2(2.16)
7.2(2.15)
7.2(2.14)
7.2(2.10)
7.2(2)
7.2(1.22)
7.2(1)
Product: Adaptive security appliance software 
Version:
8.0
7.2(2.8)
7.2(2.7)
7.2(2.5)
7.2(2.48)
7.2(2.19)
7.2(2.17)
7.2(2.16)
7.2(2.15)
7.2(2.14)
7.2(2.10)
7.2(2)
7.2(1.22)
7.2(1)
Product: Asa 5550 
Product: Asa 5500 
Product: Pix firewall 520 
Product: Pix 500 
Product: Asa 5510 
Product: Pix firewall 535 
Product: Pix 506e 
Product: Asa 5540 
Product: Pix firewall 515 
Product: Asa 5580 
Product: Asa 5505 
Product: Pix firewall 525 
Product: Pix 501 
Product: Asa 5520 
Product: Pix firewall 506 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml
http://www.securityfocus.com/bid/42198

Related CVE
CVE-2019-16002
A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CS...
CVE-2019-15973
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application...
CVE-2019-15968
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management...
CVE-2019-15994
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected ...
CVE-2019-15972
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based managem...
CVE-2019-15986
A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials....
CVE-2019-15987
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is...
CVE-2019-15995
A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could...

Copyright 2019, cxsecurity.com

 

Back to Top