Vulnerability CVE-2012-5717


Published: 2013-01-18

Description:
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Cisco
Product: Adaptive security appliance software 
Version:
8.4(1)
8.4
8.3.2
8.3.1
8.3(2)
8.3(1)
8.2.3
8.2.2
8.2.1
8.2(5)
8.2(4.4)
8.2(4.1)
8.2(4)
8.2(3.9)
8.2(3)
8.2(2)
8.2(1)
8.2
8.1
8.0.5
8.0.4
8.0.3
8.0.2
8.0(5)
8.0(4)
8.0(3)
8.0(2)
8.0
Product: Adaptive security appliance 
Product: Asa 5500 
Product: Asa 1000v cloud firewall 

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:N/A:C)

CVSS Base Score: 6.3/10
Impact Subscore: 6.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

References:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5717


Copyright 2019, cxsecurity.com

 
