Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.106583
Kategorie:CISCO
Titel:Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
Zusammenfassung:A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless;SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap;overflow.
Beschreibung:Summary:
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless
SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap
overflow.

Vulnerability Insight:
The vulnerability is due to insufficient validation of user supplied input.
An attacker could exploit this vulnerability by sending a crafted URL to the affected system.

Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability
affects systems configured in routed firewall mode only and in single or multiple context mode. This
vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack.
The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal.

Vulnerability Impact:
An exploit could allow the remote attacker to cause a reload of the affected
system or potentially execute code.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
8.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-3807
BugTraq ID: 96161
http://www.securityfocus.com/bid/96161
https://www.exploit-db.com/exploits/41369/
http://www.securitytracker.com/id/1037797
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.