CVE-2011-0396 — Cisco Adaptive Security Appliance vulnerability

CWE-264 CWE-3996 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 43.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Cisco Adaptive Security Appliance Software

Timeline

PublishedFeb 25

Latest updateMay 14

Description

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/adaptive_security_appliance_software8.0, 8.3\(1\)+1

▶NVDcisco/adaptive_security_appliance10 versions+9

🔴Vulnerability Details

GHSA

GHSA-hmmq-hjh9-ghq8: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8↗2022-05-14

▶

CVEList

CVE-2011-0396: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8↗2011-02-25

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances↗2011-02-23

▶

💬Community

Bugzilla

CVE-2011-0721 shadow: Multiple CRLF injections in chfn and chsh↗2011-02-20

▶

Bugzilla

CVE-2010-0396 dpkg: path traversal issue↗2010-03-11

▶