Unauthorized Access in Cisco ASA CX Context-Aware Security Web GUI
CVE-2015-6344

Currently unrated

Key Information:

Vendor: Cisco
Status: Asa Cx Context-aware Security Software
Vendor: CVE Published:; 30 October 2015

What is CVE-2015-6344?

The web-based graphical user interface (GUI) of Cisco's Adaptive Security Appliance (ASA) CX Context-Aware Security version 9.3(4.1.11) is susceptible to a vulnerability that enables remote authenticated users to bypass designated access restrictions. This flaw allows unauthorized access to sensitive user information through specific HTTP requests, raising significant security concerns for users and administrators.

References

http://www.securitytracker.com/id/1034001

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2015
Vulnerability Reserved
Aug 17, 2015