cvelistv5 - cve-2007-0397

CVE-2007-0397 (GCVE-0-2007-0397)

Vulnerability from cvelistv5 – Published: 2007-01-20 01:00 – Updated: 2024-08-07 12:19

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securitytracker.com/id?1017535	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/22111	vdb-entryx_refsource_BID
	http://osvdb.org/32720	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/0245	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1017536	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/23836	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:29.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017535",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017535"
          },
          {
            "name": "22111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22111"
          },
          {
            "name": "32720",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32720"
          },
          {
            "name": "ADV-2007-0245",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0245"
          },
          {
            "name": "1017536",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017536"
          },
          {
            "name": "23836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23836"
          },
          {
            "name": "cisco-csmars-asdm-device-spoofing(31567)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
          },
          {
            "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017535",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017535"
        },
        {
          "name": "22111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22111"
        },
        {
          "name": "32720",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32720"
        },
        {
          "name": "ADV-2007-0245",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0245"
        },
        {
          "name": "1017536",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017536"
        },
        {
          "name": "23836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23836"
        },
        {
          "name": "cisco-csmars-asdm-device-spoofing(31567)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
        },
        {
          "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0397",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017535",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017535"
            },
            {
              "name": "22111",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22111"
            },
            {
              "name": "32720",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32720"
            },
            {
              "name": "ADV-2007-0245",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0245"
            },
            {
              "name": "1017536",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017536"
            },
            {
              "name": "23836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23836"
            },
            {
              "name": "cisco-csmars-asdm-device-spoofing(31567)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
            },
            {
              "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0397",
    "datePublished": "2007-01-20T01:00:00",
    "dateReserved": "2007-01-19T00:00:00",
    "dateUpdated": "2024-08-07T12:19:29.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"378FF1D6-86D3-431C-927F-16FF6372529A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.\"}, {\"lang\": \"es\", \"value\": \"El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves p\\u00fablicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo informaci\\u00f3n sensible o generando informaci\\u00f3n incorrecta.\"}]",
      "id": "CVE-2007-0397",
      "lastModified": "2024-11-21T00:25:45.683",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-01-20T01:28:00.000",
      "references": "[{\"url\": \"http://osvdb.org/32720\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23836\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017535\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017536\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/22111\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0245\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/32720\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/23836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017536\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/22111\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0397\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-20T01:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.\"},{\"lang\":\"es\",\"value\":\"El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves p\u00fablicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo informaci\u00f3n sensible o generando informaci\u00f3n incorrecta.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"378FF1D6-86D3-431C-927F-16FF6372529A\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/32720\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23836\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017535\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017536\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/22111\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0245\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/22111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31567\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2007-0397

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0397

Aliases

CVE-2007-0397

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0397",
    "description": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.",
    "id": "GSD-2007-0397"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0397"
      ],
      "details": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.",
      "id": "GSD-2007-0397",
      "modified": "2023-12-13T01:21:35.745248Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0397",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017535",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017535"
          },
          {
            "name": "22111",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22111"
          },
          {
            "name": "32720",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32720"
          },
          {
            "name": "ADV-2007-0245",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0245"
          },
          {
            "name": "1017536",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017536"
          },
          {
            "name": "23836",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23836"
          },
          {
            "name": "cisco-csmars-asdm-device-spoofing(31567)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
          },
          {
            "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0397"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
            },
            {
              "name": "22111",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22111"
            },
            {
              "name": "1017535",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017535"
            },
            {
              "name": "1017536",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017536"
            },
            {
              "name": "23836",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23836"
            },
            {
              "name": "32720",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32720"
            },
            {
              "name": "ADV-2007-0245",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0245"
            },
            {
              "name": "cisco-csmars-asdm-device-spoofing(31567)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2007-01-20T01:28Z"
    }
  }
}

GHSA-PHQX-VRMQ-55JR

Vulnerability from github – Published: 2022-05-01 17:44 – Updated: 2022-05-01 17:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0397"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-20T01:28:00Z",
    "severity": "MODERATE"
  },
  "details": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.",
  "id": "GHSA-phqx-vrmq-55jr",
  "modified": "2022-05-01T17:44:03Z",
  "published": "2022-05-01T17:44:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0397"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32720"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23836"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017535"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017536"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22111"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0245"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200701-0177

Vulnerability from variot - Updated: 2023-12-18 13:58

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. This issue is tracked by Cisco Bug IDs CSCsf95930 and CSCsg78595. Cisco CS-MARS can receive event logs from various network devices, correlate and analyze the received security problem data, and report findings; ASDM can provide management and monitoring services for various Cisco security devices, and provide firewall services for Cisco switches and routers module. Cisco CS-MARS and ASDM have vulnerabilities in the implementation of communication authentication with managed devices. Because the certificate and public key provided by the device are not verified, if the certificate or public key changes, the affected product cannot determine whether the device it communicates with is legitimate, or whether the device is pretending to be a legitimate device.

Secunia is proud to announce the availability of the Secunia Software Inspector.

The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. This can be exploited to conduct spoofing attacks and possibly gain knowledge of sensitive information.

SOLUTION: Update to the latest version. http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2

PROVIDED AND/OR DISCOVERED BY: The vendor credits Jan Bervar, NIL Data Communications.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200701-0177",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "security monitoring analysis and response system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2.3"
      },
      {
        "model": "adaptive security appliance device manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.2.53"
      },
      {
        "model": "adaptive security device manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.2(2.54)"
      },
      {
        "model": "security monitoring, analysis and response system",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.2.3"
      },
      {
        "model": "adaptive security device manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.2.53"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "20004.1.3"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "20004.1.2"
      },
      {
        "model": "networks contivity vpn switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nortel",
        "version": "20004.1"
      },
      {
        "model": "cs-mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.2"
      },
      {
        "model": "cs-mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.1"
      },
      {
        "model": "cs-mars",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.1.5"
      },
      {
        "model": "asdm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "cs-mars",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "4.2.3"
      },
      {
        "model": "asdm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jan Bervar",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0397",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-0397",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-23759",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0397",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-320",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-23759",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. \nThis issue is tracked by Cisco Bug IDs CSCsf95930 and CSCsg78595. Cisco CS-MARS can receive event logs from various network devices, correlate and analyze the received security problem data, and report findings; ASDM can provide management and monitoring services for various Cisco security devices, and provide firewall services for Cisco switches and routers module. Cisco CS-MARS and ASDM have vulnerabilities in the implementation of communication authentication with managed devices. Because the certificate and public key provided by the device are not verified, if the certificate or public key changes, the affected product cannot determine whether the device it communicates with is legitimate, or whether the device is pretending to be a legitimate device. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. This can be exploited\nto conduct spoofing attacks and possibly gain knowledge of sensitive\ninformation. \n\nSOLUTION:\nUpdate to the latest version. \nhttp://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Jan Bervar, NIL Data Communications. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "22111",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "23836",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0245",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017536",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1017535",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "32720",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "31567",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20070118 SSL/TLS CERTIFICATE AND SSH PUBLIC KEY VALIDATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-23759",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53759",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "id": "VAR-200701-0177",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:58:22.855000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20070118-certs",
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/csa/cisco-sa-20070118-certs.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/22111"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a00807c517f.shtml"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/32720"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017535"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017536"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/23836"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0245"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0397"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0397"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/31567"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0245"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6121/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps6241/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/457291"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/asa-interim?psrtdcat20e2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6780/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23836/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12574/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars?psrtdcat20e2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "date": "2007-01-18T00:00:00",
        "db": "BID",
        "id": "22111"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "date": "2007-01-20T00:09:28",
        "db": "PACKETSTORM",
        "id": "53759"
      },
      {
        "date": "2007-01-20T01:28:00",
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "date": "2007-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23759"
      },
      {
        "date": "2007-01-18T20:10:00",
        "db": "BID",
        "id": "22111"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      },
      {
        "date": "2018-10-30T16:25:04.340000",
        "db": "NVD",
        "id": "CVE-2007-0397"
      },
      {
        "date": "2007-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CS-MARS Vulnerabilities that generate inaccurate information",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001419"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "22111"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-320"
      }
    ],
    "trust": 0.9
  }
}

FKIE_CVE-2007-0397

Vulnerability from fkie_nvd - Published: 2007-01-20 01:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/32720
cve@mitre.org	http://secunia.com/advisories/23836
cve@mitre.org	http://securitytracker.com/id?1017535
cve@mitre.org	http://securitytracker.com/id?1017536
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml	Patch
cve@mitre.org	http://www.securityfocus.com/bid/22111
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0245
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32720
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23836
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017535
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017536
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22111
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0245
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31567

Impacted products

	Vendor	Product	Version
	cisco	security_monitoring_analysis_and_response_system	4.2.3
	cisco	adaptive_security_appliance_device_manager	5.2.53

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60CEE1-D3EE-4C03-B47A-06E26BA08A3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "378FF1D6-86D3-431C-927F-16FF6372529A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information."
    },
    {
      "lang": "es",
      "value": "El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves p\u00fablicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo informaci\u00f3n sensible o generando informaci\u00f3n incorrecta."
    }
  ],
  "id": "CVE-2007-0397",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-20T01:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32720"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23836"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017535"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017536"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22111"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0245"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31567"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0397 (GCVE-0-2007-0397)

GSD-2007-0397

GHSA-PHQX-VRMQ-55JR

VAR-200701-0177

FKIE_CVE-2007-0397

Tags

Sightings

Nomenclature