CVE-2017-6752 — Sensitive Information Exposure in Cisco Adaptive Security Appliance Software

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 25.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedAug 7

Latest updateMay 13

Description

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol (LDAP) and SSL Connection Profile when they are configured together. An attacker could exploit the vulnerability by performing a username enumer…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software9.3.3, 9.6.2+1

🔴Vulnerability Details

GHSA

GHSA-wvc6-xr2j-qjmh: A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9↗2022-05-13

▶

CVEList

CVE-2017-6752: A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9↗2017-08-07

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Username Enumeration Information Disclosure Vulnerability↗2017-08-02

▶