PT-2015-1055 · Cisco · Cisco Asa
Alec Stuart-Muirk
·
Publicado
2015-04-08
·
Atualizado
2022-05-26
·
CVE-2015-0675
CVSS v2.0
8.3
Alta
| Vetor | AV:A/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliance (ASA) Software versions 9.1 through 9.1(5)
Cisco Adaptive Security Appliance (ASA) Software versions 9.2 through 9.2(3.2)
Cisco Adaptive Security Appliance (ASA) Software versions 9.3 through 9.3(2)
Description
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software does not properly validate failover communication messages. This allows remote attackers to reconfigure an ASA device and obtain administrative control by sending crafted UDP packets over the local network to the failover interface.
Recommendations
For versions 9.1 through 9.1(5), update to version 9.1(6) or later.
For versions 9.2 through 9.2(3.2), update to version 9.2(3.3) or later.
For versions 9.3 through 9.3(2), update to version 9.3(3) or later.
Correção
RCE
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cisco Asa