CVE-2015-4550 — Cisco Adaptive Security Appliance Software vulnerability

CWE-3104 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 33.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedJun 17

Latest updateMay 17

Description

The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software9.3\(3\), 9.4\(1.1\)+1

🔴Vulnerability Details

GHSA

GHSA-w7cf-c9rf-hghr: The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9↗2022-05-17

▶

CVEList

CVE-2015-4550: The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9↗2015-06-17

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Encrypted IPSec or IKEv2 Packet Modification Vulnerability↗2015-06-16

▶