| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart.
This vulnerability is due to a logic error in memory management when a device is performing Snort 3 SSL packet inspection. An attacker could exploit this vulnerability by sending crafted SSL packets through an established connection to be parsed by the Snort 3 Detection Engine. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine unexpectedly restarts. |
| Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.
This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition. |
| Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.
This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to enter an infinite loop, causing a DoS condition. |
| A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files.
This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context.
Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack. |
| Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.
This vulnerability is due to incomplete error checking when parsing the Multicast DNS fields of the HTTP header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts. |
| Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.
This vulnerability is due to incomplete error checking when parsing remote procedure call (RPC) data. An attacker could exploit this vulnerability by sending crafted RPC packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts. |
| A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device.
This vulnerability is due to improper error handling when an affected device that is joining a cluster runs out of memory while replicating access control rules. An attacker could exploit this vulnerability by sending traffic that should be blocked through the device. A successful exploit could allow the attacker to bypass access controls and reach devices in protected networks. |
| A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.
This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incoming TCP connections to the device from being established, including remote management access, Remote Access VPN (RAVPN) connections, and all network protocols that are TCP-based. This results in a denial of service (DoS) condition for affected features. |
| A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
This vulnerability is due to insufficient error checking when processing SAML messages. An attacker could exploit this vulnerability by sending crafted SAML messages to the SAML service. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. |
| A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory resulting in a denial of service (DoS) condition.This does not affect the management or MUS interfaces.
This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. |
| A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.
This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition. |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.
Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced. |
| A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In production, Cloudflare's edge intercepts /cdn-cgi/image/ requests before they reach the Worker. However, by substituting a backslash for a forward slash (/cdn-cgi\image/ instead of /cdn-cgi/image/), an attacker can bypass edge interception and have the request reach the Worker directly. The JavaScript URL class then normalizes the backslash to a forward slash, causing the request to match the handler and trigger an unvalidated fetch of arbitrary remote URLs.
For example:
https://victim-site.com/cdn-cgi\image/aaaa/https://attacker.com
In this example, attacker-controlled content from attacker.com is served through the victim site's domain (victim-site.com), violating the same-origin policy and potentially misleading users or other services.
Note: This bypass only works via HTTP clients that preserve backslashes in paths (e.g., curl --path-as-is). Browsers normalize backslashes to forward slashes before sending requests.
Additionally, Cloudflare Workers with Assets and Cloudflare Pages suffer from a similar vulnerability. Assets stored under /cdn-cgi/ paths are not publicly accessible under normal conditions. However, using the same backslash bypass (/cdn-cgi\... instead of /cdn-cgi/...), these assets become publicly accessible. This could be used to retrieve private data. For example, Open Next projects store incremental cache data under /cdn-cgi/_next_cache, which could be exposed via this bypass. |
| A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition.
Note: TLS 1.3 is not affected by this vulnerability. |
| A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow traffic onto the network that should have been dropped.
This vulnerability is due to a logic error in the integration of the Snort Engine rules with Cisco Secure FTD Software that could allow different Snort rules to be hit when deep inspection of the packet is performed for the inner and outer connections. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device that would hit configured Snort rules. A successful exploit could allow the attacker to send traffic to a network where it should have been denied. |
| A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device.
This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability.
This vulnerability is due to insufficient input validation when processing OSPF update packets. An attacker could exploit this vulnerability by sending crafted OSPF update packets. A successful exploit could allow the attacker to create a buffer overflow, causing the affected device to reload, resulting in a DoS condition. |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key.
This vulnerability is due to insufficient input validation when processing OSPF link-state update (LSU) packets. An attacker could exploit this vulnerability by sending crafted OSPF LSU packets. A successful exploit could allow the attacker to corrupt the heap, causing the device to reload, resulting in a DoS condition. |
| A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process. |
| A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. |
