FKIE_CVE-2011-2054
Vulnerability from fkie_nvd - Published: 2020-02-19 03:15 - Updated: 2024-11-21 01:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | asa_5500_firmware | 8.4\(1\) | |
| cisco | asa_5500 | - | |
| cisco | asa_5510_firmware | 8.4\(1\) | |
| cisco | asa_5510 | - | |
| cisco | asa_5512-x_firmware | 8.4\(1\) | |
| cisco | asa_5512-x | - | |
| cisco | asa_5515-x_firmware | 8.4\(1\) | |
| cisco | asa_5515-x | - | |
| cisco | asa_5520_firmware | 8.4\(1\) | |
| cisco | asa_5520 | - | |
| cisco | asa_5525-x_firmware | 8.4\(1\) | |
| cisco | asa_5525-x | - | |
| cisco | asa_5540_firmware | 8.4\(1\) | |
| cisco | asa_5540 | - | |
| cisco | asa_5545-x_firmware | 8.4\(1\) | |
| cisco | asa_5545-x | - | |
| cisco | asa_5550_firmware | 8.4\(1\) | |
| cisco | asa_5550 | - | |
| cisco | asa_5555-x_firmware | 8.4\(1\) | |
| cisco | asa_5555-x | - | |
| cisco | asa_5580_firmware | 8.4\(1\) | |
| cisco | asa_5580 | - | |
| cisco | asa_5585-x_firmware | 8.4\(1\) | |
| cisco | asa_5585-x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5500_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "492D7C72-7AD0-4BED-A9C2-D5FF5075C9B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7018906A-ACDF-4D7B-B816-ED9C235BF04E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5510_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CEAC7D3-6E2E-4F92-991D-A02670847272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B091B9BA-D4CA-435B-8D66-602B45F0E0BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5512-x_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08330CC1-E646-45C5-AD18-32D8C7CB59D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0F160-DAD2-48D4-B7B2-4818B2526F35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5515-x_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "134BCB2B-DD05-4816-9C86-DEDF20D56B92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "977D597B-F6DE-4438-AB02-06BE64D71EBE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5520_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F3A0F94-A74A-4C02-9E60-FB8952447A35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B387F62-6341-434D-903F-9B72E7F84ECB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5525-x_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B975C1BC-6F91-4233-8E0E-A2B6A8C0BA21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB71EB29-0115-4307-A9F7-262394FD9FB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5540_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3A67CC83-A1E5-41ED-ABA6-CE34B2C95FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C5A524-E1D9-480F-B655-0680AA5BF720",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5545-x_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F295FA59-3EEA-4E83-BF2B-8E47C2605002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57179F60-E330-4FF0-9664-B1E4637FF210",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5550_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "689C7278-FD25-434D-A66C-67B897B8E1D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6287D95-F564-44B7-A0F9-91396D7C2C4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5555-x_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EA496C1C-765B-4A38-B547-584CC477F6F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5535C936-391B-4619-AA03-B35265FC15D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5580_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C60B539-889F-4E44-9DDB-5A82E8DB663F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E828B8-5ECC-4A09-B2AD-DEDC558713DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:asa_5585-x_firmware:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "18CEF113-0DBE-46C9-9C79-3239E2AF10E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AE20C2-C77E-4E04-BF13-A48696E52426",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el Cisco ASA , podr\u00eda permitir a atacantes remotos una autenticaci\u00f3n con \u00e9xito usando el cliente Cisco AnyConnect VPN si el tipo Secondary Authentication es LDAP y la contrase\u00f1a se deja en blanco, siempre que las credenciales principales sean correctas. Estas vulnerabilidades son debido a una comprobaci\u00f3n de entrada inapropiada de determinados par\u00e1metros pasados ??al software afectado. Un atacante debe tener las credenciales principales correctas a fin de explotar con \u00e9xito esta vulnerabilidad."
}
],
"id": "CVE-2011-2054",
"lastModified": "2024-11-21T01:27:30.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-19T03:15:10.277",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCtq58884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCtq58884"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…