Описание
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00327
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
EPSS
Процентиль: 55%
0.00327
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other