Lucene search

[email protected]CVE-2010-4354

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-4354

2022-10-0316:21:03

CWE-200

[email protected]

web.nvd.nist.gov

cisco

adaptive security appliances

asa

pix security appliances

vpn concentrators

remote-access

ipsec

aggressive mode

ike phase i

vulnerability

cve-2010-4354

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025.

Affected configurations

NVD

Node

ciscoasa_5500

Node

ciscopix_500

Node

ciscovpn_3000_concentrator

ciscovpn_3005_concentrator

ciscovpn_3015_concentrator

ciscovpn_3020_concentrator

ciscovpn_3030_concentator

ciscovpn_3060_concentrator

ciscovpn_3080_concentrator

CPENameOperatorVersion
cisco:asa_5500cisco asa 5500eq*

CPE	Name	Operator	Version
cisco:asa_5500	cisco asa 5500	eq	*

References

www.cisco.com/en/US/products/products_security_response09186a0080b5992c.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2010-4354

prion1 nvd2 cvelist2 cisco1 cve1