CVE-2018-0227: Improper Certificate Validation in Cisco Adaptive Security Appliance Software

Severity: 7.5 HIGH (NVD)
EPSS: 1.1% (top 22.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 19; latest update May 13

Description

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certifi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/firepower_threat_defense 6.0 6.0.1.4 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-25vq-3gfh-mvj7: A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security (2022-05-13)
CVEList: CVE-2018-0227: A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security (2018-04-19)

📋 Vendor Advisories (1)

Cisco: Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability (2018-04-18)
CVE-2018-0227 — Improper Certificate Validation | cvebase