CERT-In Advisory
CIAD-2013-0078
Multiple Vulnerabilities in Cisco ASA Software
Original Issue Date: October 21, 2013
Severity Rating: High
Systems Affected
- Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- Cisco Adaptive Security Appliance Software versions prior to 7.x
Overview
Multiple vulnerabilities have been reported in Cisco Adaptive Security Appliance (ASA) Software which could allow an unauthenticated remote attacker to bypass VPN authentication and gain access to the internal network, or to exhaust all available memory and cause a Denial of Service (DoS) condition.
Description
1. SQL*Net Inspection Engine Denial of Service Vulnerability (CVE-2013-5508)
This vulnerability exists in the SQL*Net inspection engine code of Cisco FWSM and is due to improper handling of segmented Transparent Network Substrate (TNS) packets. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted sequence of segmented TNS packets through the affected system.
Successful exploitation of this vulnerability could allow a remote attacker to cause the device to reload, which results in a DoS condition.
2. IPsec VPN Denial of Service Vulnerability (CVE-2013-5507)
This vulnerability exists in the IPsec code of Cisco ASA Software and is due to an error in the code that decrypts packets transiting an active VPN tunnel: after decryption, the code fails to handle crafted ICMP packets correctly. An unauthenticated remote attacker could exploit this vulnerability by sending crafted ICMP packets through an active VPN tunnel.
Successful exploitation of this vulnerability could allow a remote attacker to cause the device that performs the decryption operation to reload.
3. Digital Certificate Authentication Bypass Vulnerability (CVE-2013-5509)
This vulnerability exists in the SSL certificate validation code of Cisco ASA Software and is due to an error in handling a crafted client certificate during the authentication phase. An unauthenticated remote attacker could exploit this vulnerability by using a crafted certificate to authenticate to the affected system.
Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication requirements and gain unauthorized access to the targeted device because of improper processing of the certificate.
4. Remote Access VPN Authentication Bypass Vulnerability (CVE-2013-5510)
This vulnerability exists in the authentication code of the remote access VPN feature of Cisco ASA Software and is due to improper parsing of the LDAP response packet received from a remote AAA LDAP server when the override-account-disable option is configured in the general-attributes of the tunnel-group. An unauthenticated remote attacker could exploit this vulnerability by attempting to authenticate via remote access VPN to the affected system.
Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain access to the network via remote access VPN.
5. Digital Certificate HTTP Authentication Bypass Vulnerability (CVE-2013-5511)
This vulnerability exists in the authentication code for remote management via Cisco Adaptive Security Device Management (ASDM) and is due to an error in the implementation of the authentication-certificate option, which enables client-side digital certificate authentication. An unauthenticated remote attacker could exploit this vulnerability by attempting to authenticate to an interface of the affected system on which Cisco ASDM is enabled.
Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication checks and gain unauthorized access to the device.
6. HTTP Deep Packet Inspection Denial of Service Vulnerability (CVE-2013-5512)
This vulnerability exists in the HTTP Deep Packet Inspection (DPI) code and is due to improper handling of a race condition that occurs when the HTTP DPI engine is inspecting HTTP packets and either the spoof-server parameters option is enabled or the Cisco ASA Software is configured to inspect and mask HTTP responses containing active-x or java-applet content in the response body. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted HTTP response through the affected system.
Successful exploitation of this vulnerability could allow a remote attacker to reload the device after inspection of the crafted HTTP packets, which results in a DoS condition.
7. DNS Inspection Denial of Service Vulnerability (CVE-2013-5513)
This vulnerability exists in the DNS Application Layer Protocol Inspection (ALPI) engine of Cisco ASA Software and is due to improper processing of unsupported DNS over TCP packets by the DNS inspection engine. An unauthenticated remote attacker could exploit this vulnerability by sending crafted DNS messages over TCP through an affected device.
Successful exploitation of this vulnerability could allow a remote attacker to reload the device after processing of the malicious packets, which results in a DoS condition.
8. AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability (CVE-2013-3415)
This vulnerability exists in how Cisco ASA Software handles AnyConnect SSL VPN client connections and is due to unused memory blocks not being cleared properly after an AnyConnect SSL VPN client disconnects. An unauthenticated remote attacker could exploit this vulnerability by sending traffic to the IP address of the disconnected client.
Successful exploitation of this vulnerability could allow a remote attacker to exhaust available memory resources through repeated VPN connections, which could cause the device to become unresponsive and results in a DoS condition.
9. Clientless SSL VPN Denial of Service Vulnerability (CVE-2013-5515)
This vulnerability exists in the Clientless SSL VPN code and is due to improper handling of crafted HTTPS requests sent to Cisco ASA Software configured for Clientless SSL VPN. An unauthenticated remote attacker could exploit this vulnerability by sending crafted HTTPS requests to the TCP port open for the Clientless SSL VPN feature.
Successful exploitation of this vulnerability could allow a remote attacker to reload the device, which results in a DoS condition.
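A configuration triage script, added here as an example and not part of the CERT-In or Cisco advisory: it scans an ASA/FWSM running-config for the options the descriptions above name (override-account-disable, http authentication-certificate, spoof-server and active-x/java-applet masking, DNS and SQL*Net inspection) and reports the CVE each one maps to. The sample configuration is constructed, the placement of each option under the section shown is the script's own assumption, and software version, which decides whether a device is actually affected, is not checked.

```python
"""Triage helper for CIAD-2013-0078: map Cisco ASA/FWSM config options named in the
advisory to their CVEs. A hit means the feature is enabled, not that the device is affected."""
import re

# Section placement of each option is this script's assumption; the option names are
# the ones the advisory text uses. Tuple layout: (line pattern, required section or None, CVE)
HTTP_INSPECT = re.compile(r"^policy-map type inspect http\b")
POLICY_MAP = re.compile(r"^policy-map\b")
CHECKS = [
    (re.compile(r"^\s*override-account-disable\b"),
     re.compile(r"^tunnel-group \S+ general-attributes$"), "CVE-2013-5510"),
    (re.compile(r"^http authentication-certificate\b"), None, "CVE-2013-5511"),
    (re.compile(r"^\s*spoof-server\b"), HTTP_INSPECT, "CVE-2013-5512"),
    (re.compile(r"^\s*match (not )?response body (active-x|java-applet)\b"),
     HTTP_INSPECT, "CVE-2013-5512"),
    (re.compile(r"^\s*inspect dns\b"), POLICY_MAP, "CVE-2013-5513"),
    (re.compile(r"^\s*inspect sqlnet\b"), POLICY_MAP, "CVE-2013-5508"),
]

def audit_asa_config(config):
    """Return [(line_number, cve, stripped_line)] for every matching config line."""
    findings = []
    section = ""  # most recent unindented line, i.e. the enclosing config section
    for lineno, line in enumerate(config.splitlines(), 1):
        if not line.strip() or line.startswith("!"):
            continue  # skip blank lines and '!' comment lines
        if not line[0].isspace():
            section = line.strip()
        for line_pat, section_pat, cve in CHECKS:
            if line_pat.match(line) and (section_pat is None or section_pat.match(section)):
                findings.append((lineno, cve, line.strip()))
    return findings

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONFIG = """\
http authentication-certificate outside
tunnel-group RA-VPN general-attributes
 override-account-disable
policy-map type inspect http http-map
 parameters
  spoof-server "Apache"
 match response body java-applet
policy-map global_policy
 class inspection_default
  inspect dns
  inspect sqlnet
"""
if __name__ == "__main__":
    for lineno, cve, text in audit_asa_config(SAMPLE_CONFIG):
        print(f"line {lineno:>2}  {cve}  {text}")
```

Feed it the output of "show running-config" to get a list of lines to review against the fixed-version table in the Cisco advisory.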
Solution
Apply the appropriate updates as mentioned in the Cisco advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
Vendor Information
CISCO
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
References
CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=31098
http://tools.cisco.com/security/center/viewAlert.x?alertId=31100
http://tools.cisco.com/security/center/viewAlert.x?alertId=31101
http://tools.cisco.com/security/center/viewAlert.x?alertId=31102
http://tools.cisco.com/security/center/viewAlert.x?alertId=31103
http://tools.cisco.com/security/center/viewAlert.x?alertId=31104
http://tools.cisco.com/security/center/viewAlert.x?alertId=31105
http://tools.cisco.com/security/center/viewAlert.x?alertId=31106
http://tools.cisco.com/security/center/viewAlert.x?alertId=31107
CVE Name
CVE-2013-5508
CVE-2013-5507
CVE-2013-5509
CVE-2013-5510
CVE-2013-5511
CVE-2013-5512
CVE-2013-5513
CVE-2013-3415
CVE-2013-5515
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road
New Delhi - 110 003
India