Vulnerabilities > Cisco > ASA 5580

DATE CVE VULNERABILITY TITLE RISK
2010-06-29 CVE-2009-4914 Resource Management Errors vulnerability in Cisco ASA 5580
Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879.
network
low complexity
cisco CWE-399
7.8
7.8
2010-06-29 CVE-2009-4913 Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622.
network
low complexity
cisco CWE-264
5.0
5.0
2010-06-29 CVE-2009-4912 Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.
network
low complexity
cisco CWE-264
critical
 10.0
10
2010-06-29 CVE-2009-4911 Unspecified vulnerability in Cisco ASA 5580 8.1(1)
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device crash) via vectors involving SSL VPN and PPPoE transactions, aka Bug ID CSCsm77958.
network
low complexity
cisco
7.8
7.8
2010-06-29 CVE-2009-4910 Cross-Site Scripting vulnerability in Cisco ASA 5580
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.
network
cisco CWE-79
4.3
4.3
2010-06-29 CVE-2008-7257 Improper Input Validation vulnerability in Cisco ASA 5580 8.1(1)
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
network
cisco CWE-20
4.3
4.3