PT-2008-5169 · Cisco+1 · Cisco Asa 5500 Series+3

Publicado

2008-10-22

·

Atualizado

2017-09-29

·

CVE-2008-3815

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliances (ASA) 5500 Series versions 7.0 through 7.0(8)2 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 7.1 through 7.1(2)77 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 7.2 through 7.2(4)15 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 8.0 through 8.0(4)5 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 8.1 through 8.1(1)12 Cisco PIX Security Appliances versions 7.0 through 7.0(8)2 Cisco PIX Security Appliances versions 7.1 through 7.1(2)77 Cisco PIX Security Appliances versions 7.2 through 7.2(4)15 Cisco PIX Security Appliances versions 8.0 through 8.0(4)5 Cisco PIX Security Appliances versions 8.1 through 8.1(1)12
Description The issue allows remote attackers to bypass VPN authentication via unknown vectors when the appliances are configured as a VPN using Microsoft Windows NT Domain authentication. Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances.
Recommendations For Cisco Adaptive Security Appliances (ASA) 5500 Series version 7.0, update to version 7.0(8)3 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 7.1, update to version 7.1(2)78 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 7.2, update to version 7.2(4)16 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 8.0, update to version 8.0(4)6 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 8.1, update to version 8.1(1)13 or later. For Cisco PIX Security Appliances version 7.0, update to version 7.0(8)3 or later. For Cisco PIX Security Appliances version 7.1, update to version 7.1(2)78 or later. For Cisco PIX Security Appliances version 7.2, update to version 7.2(4)16 or later. For Cisco PIX Security Appliances version 8.0, update to version 8.0(4)6 or later. For Cisco PIX Security Appliances version 8.1, update to version 8.1(1)13 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2008-3815

Produtos afetados

Cisco Asa 5500 Series
Cisco Asa
Cisco Pix Security Appliances
Windows Nt