Lucene search
CiscoCISCO-SA-20150602-CVE-2015-0760HistoryJun 02, 2015 - 9:27 p.m.
Cisco Adaptive Security Appliance XAUTH Bypass Vulnerability
2015-06-0221:27:52
tools.cisco.com
10
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.001
Percentile
47.5%
A vulnerability in Internet Key Exchange (IKE) version 1 (v1) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to bypass Extended Authentication (XAUTH) and successfully log in via IPsec remote VPN.
The vulnerability is due to improper implementation of the logic of the XAUTH code. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to the affected system. An exploit could allow the attacker to bypass authentication and access the network via remote VPN.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit.
This vulnerability affects only Cisco ASA Software configured for IKEv1 IPsec remote access and IKEv1 IPsec LAN-to-LAN. In addition, an attacker would need to know the tunnel group preshared key or have a valid certificate.
Cisco would like to thank Daniel Turner of Trustwave for reporting this vulnerability.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch7.0
ORciscoadaptive_security_appliance_softwareMatch7.1
ORciscoadaptive_security_appliance_softwareMatch7.2
ORciscoadaptive_security_appliance_softwareMatch8.0
ORciscoadaptive_security_appliance_softwareMatch8.2
ORciscoadaptive_security_appliance_softwareMatch8.1
ORciscoadaptive_security_appliance_softwareMatch7.0.1
ORciscoadaptive_security_appliance_softwareMatch7.0.1.4
ORciscoadaptive_security_appliance_softwareMatch7.0.4
ORciscoadaptive_security_appliance_softwareMatch7.0.4.2
ORciscoadaptive_security_appliance_softwareMatch7.0.2
ORciscoadaptive_security_appliance_softwareMatch7.0.3
ORciscoadaptive_security_appliance_softwareMatch7.0.7.1
ORciscoadaptive_security_appliance_softwareMatch7.0.8
ORciscoadaptive_security_appliance_softwareMatch7.0.7
ORciscoadaptive_security_appliance_softwareMatch7.0.6
ORciscoadaptive_security_appliance_softwareMatch7.0.5
ORciscoadaptive_security_appliance_softwareMatch7.0.5.12
ORciscoadaptive_security_appliance_softwareMatch7.0.6.4
ORciscoadaptive_security_appliance_softwareMatch7.0.6.8
ORciscoadaptive_security_appliance_softwareMatch7.0.6.18
ORciscoadaptive_security_appliance_softwareMatch7.0.6.22
ORciscoadaptive_security_appliance_softwareMatch7.0.6.26
ORciscoadaptive_security_appliance_softwareMatch7.0.6.29
ORciscoadaptive_security_appliance_softwareMatch7.0.6.32
ORciscoadaptive_security_appliance_softwareMatch7.0.7.4
ORciscoadaptive_security_appliance_softwareMatch7.0.7.9
ORciscoadaptive_security_appliance_softwareMatch7.0.7.12
ORciscoadaptive_security_appliance_softwareMatch7.0.8.2
ORciscoadaptive_security_appliance_softwareMatch7.0.8.8
ORciscoadaptive_security_appliance_softwareMatch7.0.8.12
ORciscoadaptive_security_appliance_softwareMatch7.0.8.13
ORciscoadaptive_security_appliance_softwareMatch7.1.2.61
ORciscoadaptive_security_appliance_softwareMatch7.1.2
ORciscoadaptive_security_appliance_softwareMatch7.1.2.81
ORciscoadaptive_security_appliance_softwareMatch7.1.2.64
ORciscoadaptive_security_appliance_softwareMatch7.1.2.72
ORciscoadaptive_security_appliance_softwareMatch7.1.2.16
ORciscoadaptive_security_appliance_softwareMatch7.1.2.20
ORciscoadaptive_security_appliance_softwareMatch7.1.2.24
ORciscoadaptive_security_appliance_softwareMatch7.1.2.28
ORciscoadaptive_security_appliance_softwareMatch7.1.2.38
ORciscoadaptive_security_appliance_softwareMatch7.1.2.42
ORciscoadaptive_security_appliance_softwareMatch7.1.2.46
ORciscoadaptive_security_appliance_softwareMatch7.1.2.49
ORciscoadaptive_security_appliance_softwareMatch7.1.2.53
ORciscoadaptive_security_appliance_softwareMatch7.2.2.34
ORciscoadaptive_security_appliance_softwareMatch7.2.3.1
ORciscoadaptive_security_appliance_softwareMatch7.2.2
ORciscoadaptive_security_appliance_softwareMatch7.2.4
ORciscoadaptive_security_appliance_softwareMatch7.2.3
ORciscoadaptive_security_appliance_softwareMatch7.2.1
ORciscoadaptive_security_appliance_softwareMatch7.2.4.27
ORciscoadaptive_security_appliance_softwareMatch7.2.4.30
ORciscoadaptive_security_appliance_softwareMatch7.2.5
ORciscoadaptive_security_appliance_softwareMatch7.2.4.33
ORciscoadaptive_security_appliance_softwareMatch7.2.1.9
ORciscoadaptive_security_appliance_softwareMatch7.2.1.13
ORciscoadaptive_security_appliance_softwareMatch7.2.1.19
ORciscoadaptive_security_appliance_softwareMatch7.2.1.24
ORciscoadaptive_security_appliance_softwareMatch7.2.2.6
ORciscoadaptive_security_appliance_softwareMatch7.2.2.10
ORciscoadaptive_security_appliance_softwareMatch7.2.2.14
ORciscoadaptive_security_appliance_softwareMatch7.2.2.18
ORciscoadaptive_security_appliance_softwareMatch7.2.2.19
ORciscoadaptive_security_appliance_softwareMatch7.2.2.22
ORciscoadaptive_security_appliance_softwareMatch7.2.3.12
ORciscoadaptive_security_appliance_softwareMatch7.2.3.16
ORciscoadaptive_security_appliance_softwareMatch7.2.4.6
ORciscoadaptive_security_appliance_softwareMatch7.2.4.9
ORciscoadaptive_security_appliance_softwareMatch7.2.4.18
ORciscoadaptive_security_appliance_softwareMatch7.2.4.25
ORciscoadaptive_security_appliance_softwareMatch7.2.5.2
ORciscoadaptive_security_appliance_softwareMatch7.2.5.4
ORciscoadaptive_security_appliance_softwareMatch7.2.5.7
ORciscoadaptive_security_appliance_softwareMatch7.2.5.8
ORciscoadaptive_security_appliance_softwareMatch7.2.5.10
ORciscoadaptive_security_appliance_softwareMatch7.2.5.12
ORciscoadaptive_security_appliance_softwareMatch8.0.2.11
ORciscoadaptive_security_appliance_softwareMatch8.0.4
ORciscoadaptive_security_appliance_softwareMatch8.0.3
ORciscoadaptive_security_appliance_softwareMatch8.0.2
ORciscoadaptive_security_appliance_softwareMatch8.0.1.2
ORciscoadaptive_security_appliance_softwareMatch8.0.4.25
ORciscoadaptive_security_appliance_softwareMatch8.0.4.28
ORciscoadaptive_security_appliance_softwareMatch8.0.4.33
ORciscoadaptive_security_appliance_softwareMatch8.0.4.32
ORciscoadaptive_security_appliance_softwareMatch8.0.5
ORciscoadaptive_security_appliance_softwareMatch8.0.2.15
ORciscoadaptive_security_appliance_softwareMatch8.0.3.6
ORciscoadaptive_security_appliance_softwareMatch8.0.3.12
ORciscoadaptive_security_appliance_softwareMatch8.0.3.19
ORciscoadaptive_security_appliance_softwareMatch8.0.4.3
ORciscoadaptive_security_appliance_softwareMatch8.0.4.9
ORciscoadaptive_security_appliance_softwareMatch8.0.4.16
ORciscoadaptive_security_appliance_softwareMatch8.0.4.23
ORciscoadaptive_security_appliance_softwareMatch8.0.4.31
ORciscoadaptive_security_appliance_softwareMatch8.0.5.20
ORciscoadaptive_security_appliance_softwareMatch8.0.5.23
ORciscoadaptive_security_appliance_softwareMatch8.0.5.25
ORciscoadaptive_security_appliance_softwareMatch8.0.5.27
ORciscoadaptive_security_appliance_softwareMatch8.0.5.28
ORciscoadaptive_security_appliance_softwareMatch8.0.5.31
ORciscoadaptive_security_appliance_softwareMatch8.2.0.45
ORciscoadaptive_security_appliance_softwareMatch8.2.1
ORciscoadaptive_security_appliance_softwareMatch8.2.2
ORciscoadaptive_security_appliance_softwareMatch8.2.2.10
ORciscoadaptive_security_appliance_softwareMatch8.2.1.11
ORciscoadaptive_security_appliance_softwareMatch8.2.2.9
ORciscoadaptive_security_appliance_softwareMatch8.2.2.12
ORciscoadaptive_security_appliance_softwareMatch8.1.1
ORciscoadaptive_security_appliance_softwareMatch8.1.2
ORciscoadaptive_security_appliance_softwareMatch8.1.2.15
ORciscoadaptive_security_appliance_softwareMatch8.1.2.16
ORciscoadaptive_security_appliance_softwareMatch8.1.2.19
ORciscoadaptive_security_appliance_softwareMatch8.1.2.23
ORciscoadaptive_security_appliance_softwareMatch8.1.2.24
ORciscoadaptive_security_appliance_softwareMatch8.1.2.50
ORciscoadaptive_security_appliance_softwareMatch8.1.1.6
ORciscoadaptive_security_appliance_softwareMatch8.1.2.13
ORciscoadaptive_security_appliance_softwareMatch8.1.2.49
ORciscoadaptive_security_appliance_softwareMatch8.1.2.55
ORciscoadaptive_security_appliance_softwareMatch8.1.2.56
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 7.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0.1.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0.4.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.2:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2015-0760
2015-06-04 10:59:00
openvas
openvas
Cisco ASA XAUTH Bypass Vulnerability (Cisco-SA-20150602-CVE-2015-0760)
2015-06-23 00:00:00
cvelist
cvelist
CVE-2015-0760
2015-06-04 10:00:00
prion
prion
Authentication flaw
2015-06-04 10:59:00
nvd
nvd
CVE-2015-0760
2015-06-04 10:59:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.001
Percentile
47.5%
Related for CISCO-SA-20150602-CVE-2015-0760