CVE-2015-6344

CWE-200 — Information Exposure4 documents4 sources

Severity

4.0MEDIUM

EPSS

0.2%

top 63.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASA CX Context-aware Security Software

Timeline

PublishedOct 30

Latest updateMay 17

Description

The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/asa_cx_context-aware_security_software9.3.4.1.11

🔴Vulnerability Details

GHSA

GHSA-h58g-f77x-j9p5: The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9↗2022-05-17

▶

CVEList

CVE-2015-6344: The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9↗2015-10-30

▶

📋Vendor Advisories

Cisco

Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability↗2015-10-27

▶