Device Spoofing Vulnerability in Cisco Security Monitoring and Analysis Products
CVE-2007-0397

Currently unrated

Key Information:

Vendor: Cisco
Status: Security Monitoring Analysis And Response System
Vendor: CVE Published:; 20 January 2007

Summary

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) and Adaptive Security Device Manager (ASDM) are susceptible to a vulnerability that arises from the lack of SSL/TLS certificate and SSH public key validation. This flaw enables remote attackers to impersonate legitimate devices, potentially leading to unauthorized access and the exposure of sensitive information. Organizations using these products prior to the specified versions are at risk of attacker deception, causing the systems to process misleading or incorrect data.

References

http://securitytracker.com/id?1017535

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/22111

vdb-entryx_refsource_BID

http://osvdb.org/32720

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 20, 2007
Vulnerability Reserved
Jan 19, 2007