cvelistv5 - CVE-2007-0397

CVE-2007-0397

Vulnerability from cvelistv5

Published

2007-01-20 01:00

Modified

2024-08-07 12:19

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/32720
cve@mitre.org	http://secunia.com/advisories/23836
cve@mitre.org	http://securitytracker.com/id?1017535
cve@mitre.org	http://securitytracker.com/id?1017536
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml	Patch
cve@mitre.org	http://www.securityfocus.com/bid/22111
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0245
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32720
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23836
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017535
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017536
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22111
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0245
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31567

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:29.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017535",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017535"
          },
          {
            "name": "22111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22111"
          },
          {
            "name": "32720",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32720"
          },
          {
            "name": "ADV-2007-0245",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0245"
          },
          {
            "name": "1017536",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017536"
          },
          {
            "name": "23836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23836"
          },
          {
            "name": "cisco-csmars-asdm-device-spoofing(31567)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
          },
          {
            "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017535",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017535"
        },
        {
          "name": "22111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22111"
        },
        {
          "name": "32720",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32720"
        },
        {
          "name": "ADV-2007-0245",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0245"
        },
        {
          "name": "1017536",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017536"
        },
        {
          "name": "23836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23836"
        },
        {
          "name": "cisco-csmars-asdm-device-spoofing(31567)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
        },
        {
          "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0397",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017535",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017535"
            },
            {
              "name": "22111",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22111"
            },
            {
              "name": "32720",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32720"
            },
            {
              "name": "ADV-2007-0245",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0245"
            },
            {
              "name": "1017536",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017536"
            },
            {
              "name": "23836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23836"
            },
            {
              "name": "cisco-csmars-asdm-device-spoofing(31567)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
            },
            {
              "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0397",
    "datePublished": "2007-01-20T01:00:00",
    "dateReserved": "2007-01-19T00:00:00",
    "dateUpdated": "2024-08-07T12:19:29.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"378FF1D6-86D3-431C-927F-16FF6372529A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.\"}, {\"lang\": \"es\", \"value\": \"El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves p\\u00fablicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo informaci\\u00f3n sensible o generando informaci\\u00f3n incorrecta.\"}]",
      "id": "CVE-2007-0397",
      "lastModified": "2024-11-21T00:25:45.683",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-01-20T01:28:00.000",
      "references": "[{\"url\": \"http://osvdb.org/32720\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23836\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017535\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017536\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/22111\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0245\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/32720\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017536\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/22111\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0397\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-20T01:28:00.000\",\"lastModified\":\"2024-11-21T00:25:45.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.\"},{\"lang\":\"es\",\"value\":\"El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves p\u00fablicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo informaci\u00f3n sensible o generando informaci\u00f3n incorrecta.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"378FF1D6-86D3-431C-927F-16FF6372529A\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/32720\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23836\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017535\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017536\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/22111\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0245\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/22111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-phqx-vrmq-55jr

Vulnerability from github

Published

2022-05-01 17:44

Modified

2022-05-01 17:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0397"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-20T01:28:00Z",
    "severity": "MODERATE"
  },
  "details": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.",
  "id": "GHSA-phqx-vrmq-55jr",
  "modified": "2022-05-01T17:44:03Z",
  "published": "2022-05-01T17:44:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0397"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32720"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23836"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017535"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017536"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22111"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0245"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. This issue is tracked by Cisco Bug IDs CSCsf95930 and CSCsg78595. Cisco CS-MARS can receive event logs from various network devices, correlate and analyze the received security problem data, and report findings; ASDM can provide management and monitoring services for various Cisco security devices, and provide firewall services for Cisco switches and routers module. Cisco CS-MARS and ASDM have vulnerabilities in the implementation of communication authentication with managed devices. Because the certificate and public key provided by the device are not verified, if the certificate or public key changes, the affected product cannot determine whether the device it communicates with is legitimate, or whether the device is pretending to be a legitimate device.

Secunia is proud to announce the availability of the Secunia Software Inspector.

The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. This can be exploited to conduct spoofing attacks and possibly gain knowledge of sensitive information.

SOLUTION: Update to the latest version. http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2

PROVIDED AND/OR DISCOVERED BY: The vendor credits Jan Bervar, NIL Data Communications.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200701-0177",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "security monitoring analysis and response system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2.3"
      },
      {
        "model": "adaptive security appliance device manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.2.53"
      },
      {
        "model": "adaptive security device manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.2(2.54)"
      },
      {
        "model": "security monitoring, analysis and response system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.2.3"
      },
      {
        "model": "adaptive security device manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.2.53"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "20004.1.3"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "20004.1.2"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "20004.1"
      },
      {
        "model": "cs-mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "cs-mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "cs-mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1.5"
      },
      {
        "model": "asdm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "cs-mars",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.3"
      },
      {
        "model": "asdm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jan Bervar",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0397",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-0397",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-23759",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0397",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-320",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-23759",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. \nThis issue is tracked by Cisco Bug IDs CSCsf95930 and CSCsg78595. Cisco CS-MARS can receive event logs from various network devices, correlate and analyze the received security problem data, and report findings; ASDM can provide management and monitoring services for various Cisco security devices, and provide firewall services for Cisco switches and routers module. Cisco CS-MARS and ASDM have vulnerabilities in the implementation of communication authentication with managed devices. Because the certificate and public key provided by the device are not verified, if the certificate or public key changes, the affected product cannot determine whether the device it communicates with is legitimate, or whether the device is pretending to be a legitimate device. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. This can be exploited\nto conduct spoofing attacks and possibly gain knowledge of sensitive\ninformation. \n\nSOLUTION:\nUpdate to the latest version. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Jan Bervar, NIL Data Communications. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "22111",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "23836",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0245",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017536",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017535",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "32720",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "31567",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20070118 SSL/TLS CERTIFICATE AND SSH PUBLIC KEY VALIDATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-23759",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53759",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "id": "VAR-200701-0177",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:58:22.855000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070118-certs",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20070118-certs.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/22111"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00807c517f.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/32720"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017535"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017536"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/23836"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0245"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0397"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0397"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/31567"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0245"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6121/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6241/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457291"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6780/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23836/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12574/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars?psrtdcat20e2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "date": "2007-01-18T00:00:00",
        "db": "BID",
        "id": "22111"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "date": "2007-01-20T00:09:28",
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "date": "2007-01-20T01:28:00",
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "date": "2007-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "date": "2007-01-18T20:10:00",
        "db": "BID",
        "id": "22111"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "date": "2018-10-30T16:25:04.340000",
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "date": "2007-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CS-MARS Vulnerabilities that generate inaccurate information",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ],
    "trust": 0.9
  }
}

CVE-2007-0397

Vulnerability from fkie_nvd

Published

2007-01-20 01:28

Modified

2024-11-21 00:25

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/32720
cve@mitre.org	http://secunia.com/advisories/23836
cve@mitre.org	http://securitytracker.com/id?1017535
cve@mitre.org	http://securitytracker.com/id?1017536
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml	Patch
cve@mitre.org	http://www.securityfocus.com/bid/22111
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0245
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32720
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23836
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017535
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017536
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22111
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0245
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31567

Impacted products

	Vendor	Product	Version
	cisco	security_monitoring_analysis_and_response_system	4.2.3
	cisco	adaptive_security_appliance_device_manager	5.2.53

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "378FF1D6-86D3-431C-927F-16FF6372529A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
    },
    {
      "lang": "es",
      "value": "El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves p\u00fablicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo informaci\u00f3n sensible o generando informaci\u00f3n incorrecta."
    }
  ],
  "id": "CVE-2007-0397",
  "lastModified": "2024-11-21T00:25:45.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-20T01:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32720"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23836"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017535"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017536"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22111"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0245"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2007-0397

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-0397

Aliases

CVE-2007-0397

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0397",
    "description": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.",
    "id": "GSD-2007-0397"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0397"
      ],
      "details": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.",
      "id": "GSD-2007-0397",
      "modified": "2023-12-13T01:21:35.745248Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0397",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017535",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017535"
          },
          {
            "name": "22111",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22111"
          },
          {
            "name": "32720",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32720"
          },
          {
            "name": "ADV-2007-0245",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0245"
          },
          {
            "name": "1017536",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017536"
          },
          {
            "name": "23836",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23836"
          },
          {
            "name": "cisco-csmars-asdm-device-spoofing(31567)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
          },
          {
            "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0397"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
            },
            {
              "name": "22111",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22111"
            },
            {
              "name": "1017535",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017535"
            },
            {
              "name": "1017536",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017536"
            },
            {
              "name": "23836",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23836"
            },
            {
              "name": "32720",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32720"
            },
            {
              "name": "ADV-2007-0245",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0245"
            },
            {
              "name": "cisco-csmars-asdm-device-spoofing(31567)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2007-01-20T01:28Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0397

Vulnerability from cvelistv5

ghsa-phqx-vrmq-55jr

Vulnerability from github

var-200701-0177

Vulnerability from variot

CVE-2007-0397

Vulnerability from fkie_nvd

gsd-2007-0397

Vulnerability from gsd

Tags

Sightings

Nomenclature