Authentication Bypass in Cisco Adaptive Security Appliances and Firewall Services Module
CVE-2011-3298

Currently unrated

Key Information:

Vendor: Cisco
Status: Adaptive Security Appliance Software; 5500 Series Adaptive Security Appliance; Asa 5500
Vendor: CVE Published:; 6 October 2011

Summary

The authentication bypass vulnerability in Cisco Adaptive Security Appliances (ASA) and the Firewall Services Module (FWSM) allows remote attackers to gain unauthorized access by exploiting a crafted TACACS+ reply. This flaw affects multiple versions across the ASA 5500 series and the ASA Services module in Cisco Catalyst 6500 series devices. The affected systems fail to adequately validate the responses from the TACACS+ protocol, leading to potential unauthorized control over the network devices. To mitigate risks, affected users should upgrade to the recommended software versions listed in Cisco's security advisories.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/70328

vdb-entryx_refsource_XF

http://www.cisco.com/warp/public/707/cisco-sa-20111005-as...

vendor-advisoryx_refsource_CISCO

http://www.cisco.com/warp/public/707/cisco-sa-20111005-fw...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Oct 6, 2011
Vulnerability Reserved
Aug 29, 2011