Vulnerabilities > Cisco > Adaptive Security Appliance Software > 7.2.1

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2023-20269 Incorrect Authorization vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.
network
low complexity
cisco CWE-863
critical
9.1
2022-05-03 CVE-2022-20715 Improper Input Validation vulnerability in Cisco Firepower Threat Defense
A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
8.6
2022-05-03 CVE-2022-20737 Out-of-bounds Write vulnerability in Cisco Adaptive Security Appliance Software
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device.
network
low complexity
cisco CWE-787
7.1
2022-05-03 CVE-2022-20742 Unspecified vulnerability in Cisco Firepower Threat Defense
A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel.
network
high complexity
cisco
7.4
2022-05-03 CVE-2022-20745 Improper Input Validation vulnerability in Cisco Firepower Threat Defense
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.5
2022-05-03 CVE-2022-20759 Improper Privilege Management vulnerability in Cisco Firepower Threat Defense
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15.
network
low complexity
cisco CWE-269
8.8
2022-05-03 CVE-2022-20760 Resource Exhaustion vulnerability in Cisco Firepower Threat Defense
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device.
network
low complexity
cisco CWE-400
7.5
2020-10-21 CVE-2020-3585 Information Exposure Through Discrepancy vulnerability in Cisco products
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
high complexity
cisco CWE-203
3.7
2020-10-21 CVE-2020-3582 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2020-10-21 CVE-2020-3581 Cross-site Scripting vulnerability in Cisco products
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.
network
low complexity
cisco CWE-79
6.1