CVE-2013-5510 — Improper Authentication in Cisco Adaptive Security Appliance Software

CWE-287 — Improper Authentication CWE-20 — Improper Input Validation CWE-264 CWE-3995 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 63.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedOct 13

Latest updateMay 17

Description

The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software84 versions+83

🔴Vulnerability Details

GHSA

GHSA-m4r6-hfwj-vc65: The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7↗2022-05-17

▶

CVEList

CVE-2013-5510: The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7↗2013-10-13

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco ASA Software↗2013-10-09

▶

Cisco

Cisco Adaptive Security Appliance Software Remote Access VPN Authentication Bypass Vulnerability↗2013-10-09

▶