PT-2008-5169 · Cisco+1 · Cisco Asa 5500 Series+3

Published

2008-10-22

·

Updated

2017-09-29

·

CVE-2008-3815

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliances (ASA) 5500 Series versions 7.0 through 7.0(8)2 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 7.1 through 7.1(2)77 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 7.2 through 7.2(4)15 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 8.0 through 8.0(4)5 Cisco Adaptive Security Appliances (ASA) 5500 Series versions 8.1 through 8.1(1)12 Cisco PIX Security Appliances versions 7.0 through 7.0(8)2 Cisco PIX Security Appliances versions 7.1 through 7.1(2)77 Cisco PIX Security Appliances versions 7.2 through 7.2(4)15 Cisco PIX Security Appliances versions 8.0 through 8.0(4)5 Cisco PIX Security Appliances versions 8.1 through 8.1(1)12
Description The issue allows remote attackers to bypass VPN authentication via unknown vectors when the appliances are configured as a VPN using Microsoft Windows NT Domain authentication. Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances.
Recommendations For Cisco Adaptive Security Appliances (ASA) 5500 Series version 7.0, update to version 7.0(8)3 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 7.1, update to version 7.1(2)78 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 7.2, update to version 7.2(4)16 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 8.0, update to version 8.0(4)6 or later. For Cisco Adaptive Security Appliances (ASA) 5500 Series version 8.1, update to version 8.1(1)13 or later. For Cisco PIX Security Appliances version 7.0, update to version 7.0(8)3 or later. For Cisco PIX Security Appliances version 7.1, update to version 7.1(2)78 or later. For Cisco PIX Security Appliances version 7.2, update to version 7.2(4)16 or later. For Cisco PIX Security Appliances version 8.0, update to version 8.0(4)6 or later. For Cisco PIX Security Appliances version 8.1, update to version 8.1(1)13 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-3815

Affected Products

Cisco Asa 5500 Series
Cisco Asa
Cisco Pix Security Appliances
Windows Nt