Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838.
CVSS Information
N/A
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
多款Cisco产品安全漏洞
Vulnerability Description
Cisco ASA 5500 Series Adaptive Security Appliances等都是美国思科(Cisco)公司的下一代防火墙安全设备。 多款Cisco产品中的Cisco ASA Software的‘Clientless SSL VPN’函数的Common Internet Filesystem (CIFS)代码存在安全漏洞,该漏洞源于程序没有充分的检测用户提交的输入。远程攻击者可通过向受影响的系统发送特制的URL利用该漏洞造成受影响设备重载或执行代码。以下产品受到影响:Cisco A
CVSS Information
N/A
Vulnerability Type
N/A