CISCO : Cisco ASA Clientless VPN Information Disclosure and DoS Vulnerability (cisco-sa-20141008-asa)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105985

Categoría: CISCO

Título: Cisco ASA Clientless VPN Information Disclosure and DoS Vulnerability (cisco-sa-20141008-asa)

Resumen: A vulnerability in the Clientless SSL VPN portal feature could; allow an unauthenticated, remote attacker to access random memory locations. Due to this; vulnerability, the attacker may be able to access the information stored in memory and in some; cases may be able to corrupt this portion of memory, which could lead to a reload of the affected; system.

Descripción: Summary:
A vulnerability in the Clientless SSL VPN portal feature could
allow an unauthenticated, remote attacker to access random memory locations. Due to this
vulnerability, the attacker may be able to access the information stored in memory and in some
cases may be able to corrupt this portion of memory, which could lead to a reload of the affected
system.

Vulnerability Insight:
The vulnerability is due to insufficient sanitization of
user-supplied input. An authenticated, remote attacker could exploit this vulnerability by
setting random values on parameters passed during access to the Clientless SSL VPN portal.

Vulnerability Impact:
A successful exploit could allow the attacker to access
sensitive information in memory. In some cases, the attacker could corrupt a portion of memory
that could cause the targeted device to reload abnormally. Repeated exploitation could lead to a
sustained DoS condition for legitimate users.

Affected Software/OS:
Cisco ASA version 8.2, 8.3, 8.4, 8.6, 9.0, 9.1, 9.2 and 9.3.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
8.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3392
Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105985
Categoría:	CISCO
Título:	Cisco ASA Clientless VPN Information Disclosure and DoS Vulnerability (cisco-sa-20141008-asa)
Resumen:	A vulnerability in the Clientless SSL VPN portal feature could; allow an unauthenticated, remote attacker to access random memory locations. Due to this; vulnerability, the attacker may be able to access the information stored in memory and in some; cases may be able to corrupt this portion of memory, which could lead to a reload of the affected; system.
Descripción:	Summary: A vulnerability in the Clientless SSL VPN portal feature could allow an unauthenticated, remote attacker to access random memory locations. Due to this vulnerability, the attacker may be able to access the information stored in memory and in some cases may be able to corrupt this portion of memory, which could lead to a reload of the affected system. Vulnerability Insight: The vulnerability is due to insufficient sanitization of user-supplied input. An authenticated, remote attacker could exploit this vulnerability by setting random values on parameters passed during access to the Clientless SSL VPN portal. Vulnerability Impact: A successful exploit could allow the attacker to access sensitive information in memory. In some cases, the attacker could corrupt a portion of memory that could cause the targeted device to reload abnormally. Repeated exploitation could lead to a sustained DoS condition for legitimate users. Affected Software/OS: Cisco ASA version 8.2, 8.3, 8.4, 8.6, 9.0, 9.1, 9.2 and 9.3. Solution: See the referenced vendor advisory for a solution. CVSS Score: 8.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3392 Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Copyright	Copyright (C) 2015 Greenbone Networks GmbH