CVE-2015-0675 — Improper Access Control in Cisco Adaptive Security Appliance Software

CWE-284 — Improper Access ControlCWE-3994 documents4 sources
Severity
8.3HIGHNVD
EPSS
0.2%
top 56.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedApr 13
Latest updateMay 17

Description

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5p4h-p3w9-2g68: The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9↗2022-05-17
â–¶
CVEList
CVE-2015-0675: The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9↗2015-04-13
â–¶

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco ASA Software↗2015-04-08
â–¶
CVE-2015-0675 — Improper Access Control in Cisco | cvebase