CVE-2011-3309 — Sensitive Information Exposure in Cisco Adaptive Security Appliance Software

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedMay 2

Latest updateMay 17

Description

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 process IKE requests despite a vpnclient mode configuration, which allows remote attackers to obtain potentially sensitive information by reading IKE responder traffic, aka Bug ID CSCtt07749.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software20 versions+19

🔴Vulnerability Details

GHSA

GHSA-m83r-347v-p4vc: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8↗2022-05-17

▶

CVEList

CVE-2011-3309: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8↗2012-05-02

▶