CVE-2015-0760 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation CWE-2644 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 48.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedJun 4

Latest updateMay 17

Description

The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software7.0 — 8.2.2.13

🔴Vulnerability Details

GHSA

GHSA-99qq-rjrp-5v3c: The IKEv1 implementation in Cisco ASA Software 7↗2022-05-17

▶

CVEList

CVE-2015-0760: The IKEv1 implementation in Cisco ASA Software 7↗2015-06-04

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability↗2015-06-02

▶