CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
38.8%
A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security could allow an authenticated, remote attacker to enumerate users and read user information without belonging to a role that allows those operations.
The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by sending an HTTP request to a specific URL.
Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | asa_cx_context-aware_security_software | any | cpe:2.3:a:cisco:asa_cx_context-aware_security_software:any:*:*:*:*:*:*:* |