CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 0.011 Low
Percentile: 84.4%

Cisco Security Monitoring, Analysis and Response System versions prior to 4.2.3 and Cisco Adaptive Security Device Manager versions prior to 5.2(2.1) contain a vulnerability that could allow an unauthenticated, remote attacker to impersonate a device managed by the system.
The vulnerability exists because the devices do not properly validate SSL/TLS certificates or SSH public keys from managed devices. An unauthenticated, remote attacker could exploit this vulnerability to impersonate devices managed by the system. An attacker could leverage this to gain access to sensitive information, such as authentication credentials, or submit false data to the system.
Exploit code is not required to exploit this vulnerability.
Cisco confirmed the vulnerability with a security advisory and released updated software.
Because the affected applications do not validate the SSL/TLS certificates or SSH public keys presented by their managed devices, an attacker could set up a system with the same IP address as a vulnerable system and hope that a connection will be mistakenly made to the impersonating device rather than the legitimate one. This is a possibility, given the nature of IP routing, when there is more than one system on the network with the same IP address. However, erratic routing behavior is likely to result under these circumstances. Some packets may be sent to the legitimate system while others may be sent to the impersonator, making it harder for the attacker to obtain authentication credentials or to send misleading information.
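
The missing check described above, sketched as an added example (not Cisco's code or its fix): a management station binds each managed device's address to the fingerprint of the certificate or SSH public key enrolled for it, and refuses to send credentials when the key presented at that address differs. The names PinStore, Verdict and may_send_credentials, the address 192.0.2.10 and the key bytes are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    TRUSTED = "trusted"
    MISMATCH = "mismatch"   # same address, different key: possible impersonation
    UNKNOWN = "unknown"     # no pin enrolled for this address: fail closed


def fingerprint(key_material: bytes) -> str:
    """OpenSSH-style SHA-256 fingerprint of a DER certificate or SSH key blob."""
    digest = hashlib.sha256(key_material).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PinStore:
    """Hypothetical store mapping a device address to its enrolled fingerprint."""

    def __init__(self):
        self._pins = {}

    def enroll(self, address: str, key_material: bytes) -> None:
        # Enrollment is assumed to happen out of band, over a trusted path.
        self._pins[address] = fingerprint(key_material)

    def check(self, address: str, presented: bytes) -> Verdict:
        pinned = self._pins.get(address)
        if pinned is None:
            return Verdict.UNKNOWN
        # Constant-time comparison of pinned and presented fingerprints.
        if hmac.compare_digest(pinned, fingerprint(presented)):
            return Verdict.TRUSTED
        return Verdict.MISMATCH


def may_send_credentials(store: PinStore, address: str, presented: bytes) -> bool:
    """Credentials go only to a device whose presented key matches its pin."""
    return store.check(address, presented) is Verdict.TRUSTED


# Constructed sample data: placeholder bytes standing in for real key material.
LEGIT_KEY = b"constructed-legitimate-device-key"
ROGUE_KEY = b"constructed-impersonator-key"

store = PinStore()
store.enroll("192.0.2.10", LEGIT_KEY)
```

A MISMATCH verdict for an enrolled address is worth alerting on, since it means a different key answered at an address the system already knows.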