PT-2010-2325 · Cisco · Cisco Asa 5500 Series Adaptive Security Appliance+2
Published
2010-02-17
·
Updated
2017-08-17
·
CVE-2010-0568
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco ASA 5500 Series Adaptive Security Appliance versions 7.0 through 7.0(8.9)
Cisco ASA 5500 Series Adaptive Security Appliance versions 7.2 through 7.2(4.44)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.0 through 8.0(5.6)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.1 through 8.1(2.39)
Cisco ASA 5500 Series Adaptive Security Appliance versions 8.2 through 8.2(2.0)
Cisco PIX 500 Series Security Appliance (affected versions not specified)
Description
The issue allows remote attackers to bypass NTLMv1 authentication via a crafted
username. This can be exploited by sending a crafted request to the affected system.Recommendations
For Cisco ASA 5500 Series Adaptive Security Appliance versions 7.0 through 7.0(8.9), update to version 7.0(8.10) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 7.2 through 7.2(4.44), update to version 7.2(4.45) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.0 through 8.0(5.6), update to version 8.0(5.7) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.1 through 8.1(2.39), update to version 8.1(2.40) or later.
For Cisco ASA 5500 Series Adaptive Security Appliance versions 8.2 through 8.2(2.0), update to version 8.2(2.1) or later.
For Cisco PIX 500 Series Security Appliance, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Asa 5500 Series Adaptive Security Appliance
Cisco Asa
Cisco Pix 500 Series Security Appliance