Lucene search
CiscoCVE-2013-5510HistoryOct 13, 2013 - 10:20 a.m.
CVE-2013-5510
2013-10-1310:20:04
CWE-287
cisco
web.nvd.nist.gov
24
cve-2013-5510
cisco
asa
vpn
authentication bypass
bug id
cscug83401
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0.002
Percentile
58.1%
The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch7.0
ORciscoadaptive_security_appliance_softwareMatch7.0\(0\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(1\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(2\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(4\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(5\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(5.2\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(6\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(6.7\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(7\)
ORciscoadaptive_security_appliance_softwareMatch7.0\(8\)
ORciscoadaptive_security_appliance_softwareMatch7.0.1
ORciscoadaptive_security_appliance_softwareMatch7.0.1.4
ORciscoadaptive_security_appliance_softwareMatch7.0.2
ORciscoadaptive_security_appliance_softwareMatch7.0.4
ORciscoadaptive_security_appliance_softwareMatch7.0.4.3
ORciscoadaptive_security_appliance_softwareMatch7.0.5
ORciscoadaptive_security_appliance_softwareMatch7.0.6
ORciscoadaptive_security_appliance_softwareMatch7.0.7
ORciscoadaptive_security_appliance_softwareMatch7.0.8
ORciscoadaptive_security_appliance_softwareMatch7.0.8interim
ORciscoadaptive_security_appliance_softwareMatch7.1
ORciscoadaptive_security_appliance_softwareMatch7.1\(2\)
ORciscoadaptive_security_appliance_softwareMatch7.1\(2.5\)
ORciscoadaptive_security_appliance_softwareMatch7.1\(2.27\)
ORciscoadaptive_security_appliance_softwareMatch7.1\(2.48\)
ORciscoadaptive_security_appliance_softwareMatch7.1\(2.49\)
ORciscoadaptive_security_appliance_softwareMatch7.1\(5\)
ORciscoadaptive_security_appliance_softwareMatch7.1.1
ORciscoadaptive_security_appliance_softwareMatch7.1.2
ORciscoadaptive_security_appliance_softwareMatch7.2
ORciscoadaptive_security_appliance_softwareMatch7.2\(1\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(1.22\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.5\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.7\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.8\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.10\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.14\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.15\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.16\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.17\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.18\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.19\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(2.48\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(3\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(4\)
ORciscoadaptive_security_appliance_softwareMatch7.2\(5\)
ORciscoadaptive_security_appliance_softwareMatch8.0
ORciscoadaptive_security_appliance_softwareMatch8.0\(2\)
ORciscoadaptive_security_appliance_softwareMatch8.0\(3\)
ORciscoadaptive_security_appliance_softwareMatch8.0\(4\)
ORciscoadaptive_security_appliance_softwareMatch8.0\(5\)
ORciscoadaptive_security_appliance_softwareMatch8.0\(5.28\)
ORciscoadaptive_security_appliance_softwareMatch8.0\(5.31\)
ORciscoadaptive_security_appliance_softwareMatch8.0.2
ORciscoadaptive_security_appliance_softwareMatch8.0.3
ORciscoadaptive_security_appliance_softwareMatch8.0.4
ORciscoadaptive_security_appliance_softwareMatch8.0.5
ORciscoadaptive_security_appliance_softwareMatch8.1
ORciscoadaptive_security_appliance_softwareMatch8.2
ORciscoadaptive_security_appliance_softwareMatch8.2\(1\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(2\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(3\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(3.9\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(4\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(4.1\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(4.4\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(5\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(5.35\)
ORciscoadaptive_security_appliance_softwareMatch8.2\(5.38\)
ORciscoadaptive_security_appliance_softwareMatch8.4
ORciscoadaptive_security_appliance_softwareMatch8.4\(1\)
ORciscoadaptive_security_appliance_softwareMatch8.4\(1.11\)
ORciscoadaptive_security_appliance_softwareMatch8.4\(2\)
ORciscoadaptive_security_appliance_softwareMatch8.4\(2.11\)
ORciscoadaptive_security_appliance_softwareMatch8.4\(3\)
ORciscoadaptive_security_appliance_softwareMatch8.4\(4.11\)
ORciscoadaptive_security_appliance_softwareMatch8.4\(5\)
ORciscoadaptive_security_appliance_softwareMatch8.6
ORciscoadaptive_security_appliance_softwareMatch8.6\(1\)
ORciscoadaptive_security_appliance_softwareMatch8.6\(1.10\)
ORciscoadaptive_security_appliance_softwareMatch9.0
ORciscoadaptive_security_appliance_softwareMatch9.1
ORciscoadaptive_security_appliance_softwareMatch9.1\(1.7\)
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 7.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(0) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(0\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(1) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(1\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(2) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(2\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(4) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(4\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(5) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(5.2) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5.2\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(6) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(6.7) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6.7\):*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 7.0(7) | cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(7\):*:*:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2013-10-13 10:20:00
nvd
nvd
CVE-2013-5510
2013-10-13 10:20:04
cvelist
cvelist
CVE-2013-5510
2013-10-13 10:00:00
cisco
cisco
Cisco Adaptive Security Appliance Software Remote Access VPN Authentication Bypass Vulnerability
2013-10-09 16:19:01
Multiple Vulnerabilities in Cisco ASA Software
2013-10-09 16:00:00
securityvulns
securityvulns
Cisco ASA / FWSM multiple security vulnerabilities
2013-10-13 00:00:00
nessus
nessus
Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20131009-asa)
2013-10-17 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0.002
Percentile
58.1%
Related for CVE-2013-5510