Lucene search

[email protected]CVE-2007-0397

HistoryJan 20, 2007 - 1:28 a.m.

CVE-2007-0397

2007-01-2001:28:00

[email protected]

web.nvd.nist.gov

cisco

cs-mars

asdm

ssl

tls

ssh

security

vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

Affected configurations

NVD

Node

ciscosecurity_monitoring_analysis_and_response_systemMatch4.2.3

Node

ciscoadaptive_security_appliance_device_managerMatch5.2.53

CPENameOperatorVersion
cisco:security_monitoring_analysis_and_response_systemcisco security monitoring analysis and response systemeq4.2.3

CPE	Name	Operator	Version
cisco:security_monitoring_analysis_and_response_system	cisco security monitoring analysis and response system	eq	4.2.3

References

osvdb.org/32720

secunia.com/advisories/23836

securitytracker.com/id?1017535

securitytracker.com/id?1017536

www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml

www.securityfocus.com/bid/22111

www.vupen.com/english/advisories/2007/0245

exchange.xforce.ibmcloud.com/vulnerabilities/31567

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2007-0397

cvelist1 nvd1 prion1 securityvulns1 cisco1