Описание
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-0397
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
- http://osvdb.org/32720
- http://secunia.com/advisories/23836
- http://securitytracker.com/id?1017535
- http://securitytracker.com/id?1017536
- http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml
- http://www.securityfocus.com/bid/22111
- http://www.vupen.com/english/advisories/2007/0245
EPSS
CVE ID
Связанные уязвимости
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
EPSS