Lucene search

CiscoCVE-2015-6344

HistoryOct 30, 2015 - 10:59 a.m.

CVE-2015-6344

2015-10-3010:59:00

CWE-200

cisco

web.nvd.nist.gov

cisco

asa

security

vulnerability

bypass

http

request

nvd

cve-2015-6344

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

38.8%

JSON

The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.

Affected configurations

Nvd

Node

ciscoasa_cx_context-aware_security_softwareMatch9.3.4.1.11

VendorProductVersionCPE
ciscoasa_cx_context-aware_security_software9.3.4.1.11cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4.1.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	asa_cx_context-aware_security_software	9.3.4.1.11	cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4.1.11:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas

www.securitytracker.com/id/1034001

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

38.8%

JSON

Related for CVE-2015-6344