PT-2010-1715 · Cisco · Cisco Asa
Published
2010-06-29
·
Updated
2010-06-30
·
CVE-2009-4912
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliances (ASA) 5580 series devices versions prior to 8.1(2)
Description
The issue allows remote attackers to bypass intended access restrictions via an HTTPS session. This occurs because the device completes an SSL handshake with an HTTPS client even if the client is unauthorized.
Recommendations
For versions prior to 8.1(2), update to version 8.1(2) or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Asa