漏洞信息
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
漏洞描述信息
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
CVSS信息
N/A
漏洞类别
输入验证不恰当
漏洞标题
多款Cisco产品ASA Software和Firepower Threat Defense Software 输入验证错误漏洞
漏洞描述信息
Cisco 3000 Series Industrial Security Appliance(ISA)等都是美国思科(Cisco)公司的安全设备。ASA Software和Firepower Threat Defense (FTD) Software都是分别运行在不同设备中的操作系统。 多款Cisco产品中的ASA Software和FTD Software的Web界面存在输入验证漏洞,该漏洞源于程序缺少对HTTP URL的正确验证。远程攻击者可通过向受影响设备发送特制的HTTP请求利用该漏洞造成拒绝服
CVSS信息
N/A
漏洞类别
路径遍历