Vulnerabilities > Cisco > Adaptive Security Appliance 5500 > 8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-29 | CVE-2009-4455 | Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance 5500 The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. | 6.5 |
| 2009-04-09 | CVE-2009-1160 | Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. | 4.3 |
| 2009-04-09 | CVE-2009-1159 | Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets. | 7.8 |
| 2009-04-09 | CVE-2009-1158 | Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet. | 7.8 |
| 2009-04-09 | CVE-2009-1157 | Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet. | 7.8 |
| 2009-04-09 | CVE-2009-1156 | Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet. | 5.7 |
| 2009-04-09 | CVE-2009-1155 | Improper Authentication vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors. | 7.8 |
| 2008-09-04 | CVE-2008-2736 | Information Exposure vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1 Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636. | 7.1 |
| 2008-09-04 | CVE-2008-2735 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1 The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369. | 7.1 |
| 2008-09-04 | CVE-2008-2734 | Resource Management Errors vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1 Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472. | 7.1 |