This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote SSL VPN Server is vulnerable to various flaws
The remote host is a Cisco Adaptive Security Appliance (ASA). The
remote version of the software used on this appliance is affected by
the following security flaws :
- A TCP connection exhaustion denial of service
- Two Session Initiation Protocol (SIP) inspection denial
of service vulnerabilities. (CVE-2010-0150 and
- A Skinny Client Control Protocol (SCCP) inspection
denial of service vulnerability. (CVE-2010-0151)
- A WebVPN Datagram Transport Layer Security (DTLS) denial
of service vulnerability. (CVE-2010-0565)
- A crafted TCP segment denial of service vulnerability.
- A crafted Internet Key Exchange (IKE) message denial of
service vulnerability. (CVE-2010-0567)
- An NT LAN Manager version 1 (NTLMv1) authentication
bypass vulnerability. (CVE-2010-0568)
An attacker could exploit these flaws to crash the remote device, or
to log into the remote VPN (when configured to use NTLMv1
See also :
Install the appropriate firmware upgrade as described in the vendor's
Risk factor :
High / CVSS Base Score : 9.4
CVSS Temporal Score : 7.8
Public Exploit Available : true
Nessus Plugin ID: 44914 ()
Bugtraq ID: 3827438275382763827738278382793828038281
CVE ID: CVE-2010-0149CVE-2010-0150CVE-2010-0151CVE-2010-0565CVE-2010-0566CVE-2010-0567CVE-2010-0568CVE-2010-0569
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.