Vulnslist

find the latest Cisco vulnerabilities

Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

cisco-sa-20080903-asa · High · Published · Updated

Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances that may result in a reload of the device or disclosure of confidential information. This security advisory outlines details of the following vulnerabilities: Erroneous SIP Processing Vulnerabilities IPSec Client Authentication Processing Vulnerability SSL VPN Memory Leak Vulnerability URI Processing Error Vulnerability in SSL VPNs Potential Information Disclosure in Clientless VPNs Note:  These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080903-asa.

Cisco advisory · CSAF JSON

Workarounds

No workaround information imported yet.

CVEsCVE-2008-2732, CVE-2008-2733, CVE-2008-2734, CVE-2008-2735, CVE-2008-2736
Cisco Bug IDsNA
CVSS ScoreBase 6.8
Base 6.8 AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Base 7.1 AV:N/AC:M/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco PIX/ASA

Related Products

Product CVE Evidence
Cisco PIX/ASA CVE-2008-2736 Cisco OpenVuln
Cisco PIX/ASA CVE-2008-2735 Cisco OpenVuln
Cisco PIX/ASA CVE-2008-2734 Cisco OpenVuln
Cisco PIX/ASA CVE-2008-2733 Cisco OpenVuln
Cisco PIX/ASA CVE-2008-2732 Cisco OpenVuln