Vulnerability CVE-2010-2815


Published: 2010-08-09   Modified: 2012-02-13

Description:
Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259.

Type:

CWE-noinfo

Vendor: Cisco
Product: Adaptive security appliance 
Version:
8.3
8.2(2)
8.2(1)
8.2
8.1(2)
8.1(1)
8.0(5)
8.0(4)
8.0(3)
8.0(2)
8.0
7.2(5)
7.2(4)
7.2(3)
7.2(2.8)
7.2(2.7)
7.2(2.5)
7.2(2.48)
7.2(2.19)
7.2(2.17)
7.2(2.16)
7.2(2.15)
7.2(2.14)
7.2(2.10)
7.2(2)
7.2(1.22)
7.2(1)
Product: Adaptive security appliance software 
Version:
8.0
7.2(2.8)
7.2(2.7)
7.2(2.5)
7.2(2.48)
7.2(2.19)
7.2(2.17)
7.2(2.16)
7.2(2.15)
7.2(2.14)
7.2(2.10)
7.2(2)
7.2(1.22)
7.2(1)
Product: Asa 5550 
Product: Asa 5500 
Product: Pix firewall 520 
Product: Pix 500 
Product: Asa 5510 
Product: Pix firewall 535 
Product: Pix 506e 
Product: Asa 5540 
Product: Pix firewall 515 
Product: Asa 5580 
Product: Asa 5505 
Product: Pix firewall 525 
Product: Pix 501 
Product: Asa 5520 
Product: Pix firewall 506 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml
http://www.securityfocus.com/bid/42198

Related CVE
CVE-2019-1976
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improp...
CVE-2019-1939
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by t...
CVE-2019-12645
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to im...
CVE-2019-12644
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface...
CVE-2019-12635
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does ...
CVE-2019-12633
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to ...
CVE-2019-12632
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not pr...
CVE-2019-1977
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpo...

Copyright 2019, cxsecurity.com

 

Back to Top