CVE-2020-3125 — Improper Authentication in Cisco Adaptive Security Appliance Software

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.2%

top 21.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance Software Cisco ASA 5505 Firmware +11 more

Timeline

PublishedMay 6

Latest updateMay 24

Description

A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is configured to perform Kerberos authentication for VPN or local device access. The vulnerability is due to insufficient identity verification of the KDC when a successful authentication response is received. An attacker could exploi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages14 packages

▶NVDcisco/adaptive_security_appliance_software9.8 — 9.8.4.15+4

▶CVEListV5cisco/cisco_adaptive_security_appliance_softwaren/a

▶NVDcisco/asa_5505_firmware9.10\(1.220\)

▶NVDcisco/asa_5510_firmware9.10\(1.220\)

▶NVDcisco/asa_5520_firmware9.10\(1.220\)

🔴Vulnerability Details

GHSA

GHSA-9x68-6g6c-vj48: A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote atta↗2022-05-24

▶

CVEList

Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability↗2020-05-06

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability↗2020-05-06

▶