Information Disclosure Vulnerability in Cisco ASA 5500 Series Products
CVE-2010-4690

Currently unrated

Key Information:

Vendor: Cisco
Status: Adaptive Security Appliance Software; 5500 Series Adaptive Security Appliance; Asa 5500
Vendor: CVE Published:; 7 January 2011

Summary

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software versions prior to 8.3(2) is susceptible to an improper authentication vulnerability. This flaw allows remote attackers to exploit unauthorized access to sensitive information by sending specifically crafted HTTP HEAD requests from a Web Security Appliance (WSA). The lack of proper authentication mechanisms in the HTTP request handling could lead to the exposure of confidential data, potentially compromising the security integrity of affected systems.

References

http://www.securitytracker.com/id?1024963

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/45768

vdb-entryx_refsource_BID

http://www.cisco.com/en/US/docs/security/asa/asa83/releas...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 7, 2011
Vulnerability Reserved
Jan 7, 2011