Vulnerability CVE-2011-3299


Published: 2011-10-06   Modified: 2012-02-13

Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972.

Type:

CWE-399

(Resource Management Errors)

Vendor: Cisco
Product: Adaptive security appliance software 
Version:
8.5(1)
8.5
8.4(2)
8.4(1.11)
8.4(1)
8.3(2)
8.3(1)
8.2.2
8.2.1
8.2(5)
8.2(4.4)
8.2(4.1)
8.2(4)
8.2(3.9)
8.2(3)
8.2(2)
8.2(1)
8.1
8.0.5
8.0.4
8.0.3
8.0.2
8.0(5)
8.0(4)
8.0(3)
8.0(2)
8.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2(5)
7.2(4)
7.2(3)
7.2(2.8)
7.2(2.7)
7.2(2.5)
7.2(2.48)
7.2(2.19)
7.2(2.18)
7.2(2.17)
7.2(2.16)
7.2(2.15)
7.2(2.14)
7.2(2.10)
7.2(2)
7.2(1.22)
7.2(1)
7.2
7.1
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4.3
7.0.4
7.0.2
7.0.1.4
7.0.1
7.0(8)
7.0(7)
7.0(6.7)
7.0(6)
7.0(5.2)
7.0(5)
7.0(4)
7.0(2)
7.0(1)
7.0(0)
7.0
See more versions on NVD
Product: Firewall services module software 
Version:
4.1(6)
4.1(5)
4.1(4)
4.1(3)
4.1(2)
4.1(1)
4.1
4.0(8)
4.0(7)
4.0(6)
4.0(5)
4.0(4)
4.0(3)
4.0(2)
4.0(15)
4.0(14)
4.0(13)
4.0(12)
4.0(11)
4.0(10)
4.0(1)
4.0
3.2(9)
3.2(8)
3.2(7)
3.2(6)
3.2(5)
3.2(4)
3.2(3)
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://xforce.iss.net/xforce/xfdb/70330
http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml

Related CVE
CVE-2018-15441
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL que...
CVE-2018-15451
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability ...
CVE-2018-15449
A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnera...
CVE-2018-15448
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance...
CVE-2018-15447
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-sup...
CVE-2018-15446
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest acces...
CVE-2018-15445
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. T...
CVE-2018-15439
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affect...

Copyright 2018, cxsecurity.com

 

Back to Top