Vulnerability CVE-2010-2816


Published: 2010-08-09   Modified: 2012-02-13

Description:
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106.

Type:

CWE-noinfo

Vendor: Cisco
Product: Adaptive security appliance 
Version:
8.2(2)
8.2(1)
8.2
8.1(2)
8.1(1)
8.0(5)
8.0(4)
8.0(3)
8.0(2)
8.0
Product: Adaptive security appliance software 
Version: 8.0;
Product: Asa 5550 
Product: Asa 5500 
Product: Pix firewall 520 
Product: Pix 500 
Product: Asa 5510 
Product: Pix firewall 535 
Product: Pix 506e 
Product: Asa 5540 
Product: Pix firewall 515 
Product: Asa 5580 
Product: Asa 5505 
Product: Pix firewall 525 
Product: Pix 501 
Product: Asa 5520 
Product: Pix firewall 506 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml
http://www.securityfocus.com/bid/42189

Related CVE
CVE-2019-1904
A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protectio...
CVE-2019-1906
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper v...
CVE-2019-1905
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improp...
CVE-2019-1903
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker cou...
CVE-2019-1899
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorizatio...
CVE-2019-1898
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of a...
CVE-2019-1897
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability i...
CVE-2019-1879
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-s...

Copyright 2019, cxsecurity.com

 

Back to Top