Lucene search

K
ciscoCiscoCISCO-SA-20160115-ASA
HistoryJan 15, 2016 - 10:23 p.m.

Cisco Adaptive Security Appliance Information Disclosure Vulnerability

2016-01-1522:23:00
tools.cisco.com
21

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

43.5%

A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data, including the ASA Software version that is currently running on the appliance.

The vulnerability occurs because the Cisco ASA does not sufficiently protect sensitive data during a Cisco AnyConnect client authentication attempt. An attacker could exploit the vulnerability by attempting to authenticate to the Cisco ASA with AnyConnect.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa”]

Affected configurations

Vulners
Node
ciscoadaptive_security_appliance_softwareMatch8.4
OR
ciscoadaptive_security_appliance_softwareMatch8.4.1
OR
ciscoadaptive_security_appliance_softwareMatch8.4.2
OR
ciscoadaptive_security_appliance_softwareMatch8.4.1.3
OR
ciscoadaptive_security_appliance_softwareMatch8.4.1.11
OR
ciscoadaptive_security_appliance_softwareMatch8.4.2.8
OR
ciscoadaptive_security_appliance_softwareMatch8.4.3
OR
ciscoadaptive_security_appliance_softwareMatch8.4.3.8
OR
ciscoadaptive_security_appliance_softwareMatch8.4.3.9
OR
ciscoadaptive_security_appliance_softwareMatch8.4.4
OR
ciscoadaptive_security_appliance_softwareMatch8.4.4.1
OR
ciscoadaptive_security_appliance_softwareMatch8.4.4.3
OR
ciscoadaptive_security_appliance_softwareMatch8.4.4.5
OR
ciscoadaptive_security_appliance_softwareMatch8.4.4.9
OR
ciscoadaptive_security_appliance_softwareMatch8.4.5
OR
ciscoadaptive_security_appliance_softwareMatch8.4.5.6
OR
ciscoadaptive_security_appliance_softwareMatch8.4.6
OR
ciscoadaptive_security_appliance_softwareMatch8.4.2.1
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7.3
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7.15
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7.22
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7.23
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7.26
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7.28
OR
ciscoadaptive_security_appliance_softwareMatch8.4.7.29
VendorProductVersionCPE
ciscoadaptive_security_appliance_software8.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.1.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.1.11cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.2.8cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.3.8cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.3.9cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*
Rows per page:
1-10 of 261

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

43.5%

Related for CISCO-SA-20160115-ASA