Security Bypass in Cisco ASA 5500 Series WebVPN Implementation
CVE-2010-4680

Currently unrated

Key Information:

Vendor: Cisco
Status: Adaptive Security Appliance Software; 5500 Series Adaptive Security Appliance; Asa 5500
Vendor: CVE Published:; 7 January 2011

Summary

The WebVPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices is susceptible to a security bypass vulnerability, permitting remote authenticated users to gain unauthorized access to CIFS shares, even when file browsing is disabled. This flaw, identified as Bug ID CSCsz80777, allows users to exploit CIFS requests to bypass access controls, leading to potential data exposure.

References

http://www.securitytracker.com/id?1024963

vdb-entryx_refsource_SECTRACK

http://www.cisco.com/en/US/docs/security/asa/asa82/releas...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/45767

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 7, 2011
Vulnerability Reserved
Jan 6, 2011