PT-2010-2325 · Cisco · Cisco Asa 5500 Series Adaptive Security Appliance+2
Publicado
2010-02-17
·
Atualizado
2017-08-17
·
CVE-2010-0568
CVSS v2.0
7.1
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco ASA 5500 Series Adaptive Security Appliance versions 7.0 through 7.0(8.9)
Cisco ASA 5500 Series Adaptive Security Appliance versions 7.2 through 7.2(4.44)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.0 through 8.0(5.6)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.1 through 8.1(2.39)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.2 through 8.2(2.0)
Cisco PIX 500 Series Security Appliance (affected versions not specified)
Description
The issue allows remote attackers to bypass NTLMv1 authentication via a crafted
username. This can be exploited by sending a crafted request to the affected system.Recommendations
For Cisco ASA 5500 Series Adaptive Security Appliance versions 7.0 through 7.0(8.9), update to version 7.0(8.10) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 7.2 through 7.2(4.44), update to version 7.2(4.45) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.0 through 8.0(5.6), update to version 8.0(5.7) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.1 through 8.1(2.39), update to version 8.1(2.40) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.2 through 8.2(2.0), update to version 8.2(2.1) or later.
For Cisco PIX 500 Series Security Appliance, at the moment, there is no information about a newer version that contains a fix for this issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cisco Asa 5500 Series Adaptive Security Appliance
Cisco Asa
Cisco Pix 500 Series Security Appliance