VDB

CISCO-SA-20180418-ASA1

CISCO-SA-20180418-ASA1 PUBLISHED CVSS 7.5 HIGH

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1"]

Risk Scores

CVSS v3.1
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
9.4.3.6
9.4.3.11
9.4.4.5
9.4.2
9.4.3.8
9.4.1.1
9.4.1.5
9.4.1.3
9.4.1.2
9.4.4.6
9.4.0.115
9.4.2.3
9.4.4
9.4.1
9.4.4.8
9.4.3.4
9.4.3
9.4.3.3
9.4.4.2
9.4.3.12

Timeline

  • Apr 18, 2018 CVE Published
  • Apr 27, 2018 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›