PT-2013-5595 · Cisco · Cisco ASA

Published: 2013-10-09 · Updated: 2023-08-15 · CVE-2013-5511

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

- Cisco Adaptive Security Appliance (ASA) Software versions 8.2.x through 8.2(5.45)
- Cisco Adaptive Security Appliance (ASA) Software versions 8.3.x through 8.3(2.38)
- Cisco Adaptive Security Appliance (ASA) Software versions 8.4.x through 8.4(5)
- Cisco Adaptive Security Appliance (ASA) Software versions 8.5.x through 8.5(1.17)
- Cisco Adaptive Security Appliance (ASA) Software versions 8.6.x through 8.6(1.11)
- Cisco Adaptive Security Appliance (ASA) Software versions 8.7.x through 8.7(1.6)
- Cisco Adaptive Security Appliance (ASA) Software versions 9.0.x through 9.0(3.0)
- Cisco Adaptive Security Appliance (ASA) Software versions 9.1.x through 9.1(2.5)
Description

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software does not properly implement the authentication-certificate option. This allows remote attackers to bypass authentication via a TCP session to an ASDM interface.
Recommendations

- For versions 8.2.x, update to 8.2(5.46) or later.
- For versions 8.3.x, update to 8.3(2.39) or later.
- For versions 8.4.x, update to 8.4(6) or later.
- For versions 8.5.x, update to 8.5(1.18) or later.
- For versions 8.6.x, update to 8.6(1.12) or later.
- For versions 8.7.x, update to 8.7(1.7) or later.
- For versions 9.0.x, update to 9.0(3.1) or later.
- For versions 9.1.x, update to 9.1(2.6) or later.
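To check an inventory against the fixed releases listed in the Recommendations, the following added example (not part of the original advisory or any Cisco tooling) parses ASA version strings and classifies each device. The device names and inventory are constructed, and treating a trailing build number such as `9.1(2)6` as equivalent to `9.1(2.6)` is an assumption.

```python
import re

# First fixed release per train, copied from the Recommendations above.
FIRST_FIXED = {
    (8, 2): "8.2(5.46)", (8, 3): "8.3(2.39)", (8, 4): "8.4(6)",
    (8, 5): "8.5(1.18)", (8, 6): "8.6(1.12)", (8, 7): "8.7(1.7)",
    (9, 0): "9.0(3.1)", (9, 1): "9.1(2.6)",
}

# Accepts the advisory form 8.2(5.45) and, as an assumption, the 8.2(5)45 form.
_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?$")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim); a missing interim is 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ASA version: {text!r}")
    major, minor, maint, dotted, trailing = m.groups()
    if dotted and trailing:
        raise ValueError(f"ambiguous interim build in {text!r}")
    return int(major), int(minor), int(maint), int(dotted or trailing or 0)


def check(version):
    """Return (status, first_fixed) for one version string."""
    parsed = parse_asa_version(version)
    fixed = FIRST_FIXED.get(parsed[:2])
    if fixed is None:
        return "not-listed", None  # train is not covered by this advisory
    # Anything below the first fixed release is reported as affected, which
    # is conservative for builds between the last listed affected one and it.
    if parsed < parse_asa_version(fixed):
        return "affected", fixed
    return "fixed", None


def audit(inventory):
    """Map each device name to its (version, status, first_fixed) triple."""
    return {name: (ver, *check(ver)) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; device names and versions are illustrative.
    sample = {"fw-edge-1": "8.4(5)", "fw-edge-2": "9.1(2)6",
              "fw-dc-1": "8.2(5.45)", "fw-lab": "9.2(1)"}
    for name, (ver, status, fixed) in audit(sample).items():
        print(f"{name:10} {ver:10} {status:10} {fixed or ''}")
```

An "affected" result reflects the software version only; the Description ties the flaw to the ASDM authentication-certificate option, so confirm whether that option is in use on the device.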

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2013-5511

Affected Products: Cisco ASA