PT-2008-4179 · Cisco · Cisco Asa
Published
2008-09-03
·
Updated
2017-08-08
·
CVE-2008-2736
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliance (ASA) 5500 devices version 8.0(3)15
Cisco Adaptive Security Appliance (ASA) 5500 devices version 8.0(3)16
Cisco Adaptive Security Appliance (ASA) 5500 devices version 8.1(1)4
Cisco Adaptive Security Appliance (ASA) 5500 devices version 8.1(1)5
Description
The issue allows remote attackers to obtain usernames and passwords via unknown vectors when the device is configured as a clientless SSL VPN endpoint. Multiple vulnerabilities may result in a reload of the device or disclosure of confidential information.
Recommendations
For version 8.0(3)15, update to a fixed version to prevent remote attackers from obtaining usernames and passwords.
For version 8.0(3)16, update to a fixed version to prevent remote attackers from obtaining usernames and passwords.
For version 8.1(1)4, update to a fixed version to prevent remote attackers from obtaining usernames and passwords.
For version 8.1(1)5, update to a fixed version to prevent remote attackers from obtaining usernames and passwords.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Asa