CVE-2011-3285 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation CWE-94 — Code Injection3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 48.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedMay 2

Latest updateMay 17

Description

CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software30 versions+29

🔴Vulnerability Details

GHSA

GHSA-rqqr-gj2j-gj69: CRLF injection vulnerability in /+CSCOE+/logon↗2022-05-17

▶

CVEList

CVE-2011-3285: CRLF injection vulnerability in /+CSCOE+/logon↗2012-05-02

▶