CVE-2012-0335Improper Authentication in Cisco Adaptive Security Appliance Software

CWE-287Improper AuthenticationCWE-200Sensitive Information ExposureCWE-863Incorrect AuthorizationCWE-613Insufficient Session Expiration6 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 37.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openstack NovaCisco Adaptive Security Appliance Software
Timeline
PublishedMay 2
Latest updateMay 5

Description

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

PyPIopenstack/nova< 12.0.0a0

🔴Vulnerability Details

3
GHSA
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM2022-05-05
GHSA
GHSA-mxfj-4qf9-32fh: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 72022-05-04
CVEList
CVE-2012-0335: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 72012-05-02

📋Vendor Advisories

2
Red Hat
CVE-2013-0335: OpenStack Compute (Nova) Grizzly, Folsom (20122013-03-22
Cisco
Cisco ASA 5500 Series Adaptive Security Appliance Cut-Through Proxy Authentication Information Disclosure Vulnerability2012-05-16
CVE-2012-0335 — Improper Authentication in Cisco | cvebase