漏洞标题
N/A
漏洞描述信息
在Cisco ASA Software 9.6(1.5)之前,本地证书管理器(CA)功能中的漏洞可能导致未验证的远程攻击者使受影响的系统重新加载。该漏洞是由于在 enrollment 操作中不当处理构造的包导致的。攻击者可以通过向受影响的系统发送构造的 enrollment 请求来利用此漏洞。利用此漏洞可以使攻击者导致受影响系统的重新加载。注意:只有指向Cisco ASA界面,当地 CA 允许用户 enrollment 的 HTTPS 包可用于触发此漏洞。此漏洞影响配置在路由防火墙模式和单个或多个上下文模式下的系统。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Cisco Adaptive Security Appliance 拒绝服务漏洞
漏洞描述信息
Cisco ASA(Adaptive Security Appliances,自适应安全设备)Software是美国思科(Cisco)公司的一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco ASA Software 9.6(1.5)之前的版本中的本地Certificate Authority功能存在拒绝服务漏洞。远程攻击者可通过发送特制的注册请求利用该漏洞造成受影响的系统重载。运行Cisco ASA Software的以下产品受到影响:Cisco ASA 5500
CVSS信息
N/A
漏洞类别
输入验证错误