CVE-2013-5511

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
ciscoadaptive_security_appliance_software
8.2
ciscoadaptive_security_appliance_software
8.2\(1\)
ciscoadaptive_security_appliance_software
8.2\(2\)
ciscoadaptive_security_appliance_software
8.2\(3\)
ciscoadaptive_security_appliance_software
8.2\(3.9\)
ciscoadaptive_security_appliance_software
8.2\(4\)
ciscoadaptive_security_appliance_software
8.2\(4.1\)
ciscoadaptive_security_appliance_software
8.2\(4.4\)
ciscoadaptive_security_appliance_software
8.2\(5\)
ciscoadaptive_security_appliance_software
8.2\(5.35\)
ciscoadaptive_security_appliance_software
8.2\(5.38\)
ciscoadaptive_security_appliance_software
8.2.1
ciscoadaptive_security_appliance_software
8.2.2
ciscoadaptive_security_appliance_software
8.2.2:interim
ciscoadaptive_security_appliance_software
8.2.3
ciscoadaptive_security_appliance_software
8.3\(1\)
ciscoadaptive_security_appliance_software
8.3\(2\)
ciscoadaptive_security_appliance_software
8.3\(2.34\)
ciscoadaptive_security_appliance_software
8.3\(2.37\)
ciscoadaptive_security_appliance_software
8.3.1
ciscoadaptive_security_appliance_software
8.3.1:interim
ciscoadaptive_security_appliance_software
8.3.2
ciscoadaptive_security_appliance_software
8.4
ciscoadaptive_security_appliance_software
8.4\(1\)
ciscoadaptive_security_appliance_software
8.4\(1.11\)
ciscoadaptive_security_appliance_software
8.4\(2\)
ciscoadaptive_security_appliance_software
8.4\(2.11\)
ciscoadaptive_security_appliance_software
8.4\(3\)
ciscoadaptive_security_appliance_software
8.4\(4.11\)
ciscoadaptive_security_appliance_software
8.4\(5\)
ciscoadaptive_security_appliance_software
8.5
ciscoadaptive_security_appliance_software
8.5\(1\)
ciscoadaptive_security_appliance_software
8.5\(1.4\)
ciscoadaptive_security_appliance_software
8.5\(1.17\)
ciscoadaptive_security_appliance_software
8.6
ciscoadaptive_security_appliance_software
8.6\(1\)
ciscoadaptive_security_appliance_software
8.6\(1.3\)
ciscoadaptive_security_appliance_software
8.6\(1.10\)
ciscoadaptive_security_appliance_software
8.7\(1.3\)
ciscoadaptive_security_appliance_software
8.7.1
ciscoadaptive_security_appliance_software
8.7.1.1
ciscoadaptive_security_appliance_software
9.0
ciscoadaptive_security_appliance_software
9.1
ciscoadaptive_security_appliance_software
9.1\(1.7\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5511
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5511