CVE-2007-0397: Cisco Adaptive Security Appliance Device Manager vulnerability

4 documents, 4 sources
Severity
6.4 MEDIUM (NVD)
EPSS
0.3%
top 43.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 20
Latest update: May 1

Description

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-phqx-vrmq-55jr: The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4 (2022-05-01)
CVEList
CVE-2007-0397: The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4 (2007-01-20)

📋 Vendor Advisories

1
Cisco
Cisco Security Monitoring, Analysis and Response System and Adaptive Security Device Manager Secure Communication Vulnerability (2007-01-18)