漏洞标题
N/A
漏洞描述信息
在Cisco ASA软件9.6(2.1)之前的身份防火墙功能中,有一个漏洞,可能导致未验证的远程攻击者使受影响的系统重新加载或远程执行代码。该漏洞是由于受影响代码区域的缓冲区溢出导致的。攻击者可以通过向 ASA 软件发送精心 crafted 的 NetBIOS Packet 来利用此漏洞。利用此漏洞可以使攻击者执行任意代码并获取系统完全控制,或者使受影响的系统重新加载。注意:仅向受影响系统发送的流量可用于利用此漏洞。该漏洞会影响配置在路由和透明防火墙模式下以及单或多上下文模式下的系统。该漏洞可以通过 IPv4 流量触发。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Cisco Adaptive Security Appliance Software 缓冲区错误漏洞
漏洞描述信息
Cisco ASA(Adaptive Security Appliances,自适应安全设备)Software是美国思科(Cisco)公司的一套防火墙和网络安全平台。该平台提供了对数据和网络资源的高度安全的访问等功能。 Cisco ASA Software 9.6(2.1)之前的版本中的Identity Firewall功能存在缓冲区溢出漏洞。远程攻击者可通过发送特制的NetBIOS数据包利用该漏洞执行任意代码,完全控制系统或造成受影响的系统重载。运行Cisco ASA Software的以下产品受到影响
CVSS信息
N/A
漏洞类别
缓冲区错误