Vulnerability CVE-2010-2816


Published: 2010-08-09

Description:
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106.

Type:

CWE-noinfo

Vendor: Cisco
Product: Adaptive security appliance 
Version:
8.2(2)
8.2(1)
8.2
8.1(2)
8.1(1)
8.0(5)
8.0(4)
8.0(3)
8.0(2)
8.0
Product: Asa 5500 
Product: Asa 5505 
Product: Asa 5510 
Product: Asa 5520 
Product: Asa 5540 
Product: Asa 5550 
Product: Asa 5580 
Product: Pix 500 
Product: Pix 501 
Product: Pix 506e 
Product: Pix firewall 506 
Product: Pix firewall 515 
Product: Pix firewall 520 
Product: Pix firewall 525 
Product: Pix firewall 535 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml
http://www.securityfocus.com/bid/42189
http://secunia.com/advisories/40842

Related CVE
CVE-2017-12270
A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vul...
CVE-2017-12269
A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affect...
CVE-2017-12265
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interf...
CVE-2017-12258
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide suffi...
CVE-2017-12256
A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to ce...
CVE-2017-12257
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to ...
CVE-2017-12239
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating s...
CVE-2017-12240
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could ...

Copyright 2017, cxsecurity.com

 

Back to Top