CVE-2013-5511 — Improper Authentication in Cisco Adaptive Security Appliance Software
Severity
10.0CRITICALNVD
EPSS
1.6%
top 18.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 13
Latest updateMay 17
Description
The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-5985-4qrp-5j97: The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8↗2022-05-17
CVEList▶
CVE-2013-5511: The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8↗2013-10-13