CVE-2013-5509 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-264 CWE-20 — Improper Input Validation CWE-3994 documents4 sources

Severity

10.0CRITICALNVD

EPSS

1.4%

top 19.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 13

Latest updateMay 17

Description

The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software9.0, 9.1+1

🔴Vulnerability Details

GHSA

GHSA-m6gf-4gcj-j6c4: The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9↗2022-05-17

▶

CVEList

CVE-2013-5509: The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9↗2013-10-13

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco ASA Software↗2013-10-09

▶