PT-2016-4688 · Cisco · Cisco Asa+1
Published
2016-01-15
·
Updated
2023-08-15
·
CVE-2016-1295
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Adaptive Security Appliance (ASA) Software version 8.4
Description
A remote attacker can obtain sensitive information via an AnyConnect authentication attempt. This issue allows an unauthenticated, remote attacker to access sensitive data, including the ASA Software version that is currently running on the appliance.
Recommendations
For Cisco Adaptive Security Appliance (ASA) Software version 8.4, consider restricting access to the AnyConnect authentication endpoint as a temporary workaround until a patch is available.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Anyconnect
Cisco Asa