CVE-2009-1155
Published Apr 9, 2009
Last updated 16 years ago
Overview
- Description
- Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Evaluator
- Comment
- -
- Impact
- Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml "VPN Authentication Bypass Vulnerability Cisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability. Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is disabled by default. "
- Solution
- Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml "VPN Authentication Bypass Vulnerability Cisco ASA or Cisco PIX security appliances that are configured for IPsec or SSL-based remote access VPN and have the Override Account Disabled feature enabled are affected by this vulnerability. Note: The Override Account Disabled feature was introduced in Cisco ASA software version 7.1(1). Cisco ASA and PIX software versions 7.1, 7.2, 8.0, and 8.1 are affected by this vulnerability. This feature is disabled by default. "
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76EAF7E0-6C0A-4B62-8776-CDE7CEB4565A"
},
{
"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97290344-5440-4797-9668-AA1050E87C41"
},
{
"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610"
},
{
"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6"
},
{
"criteria": "cpe:2.3:h:cisco:pix:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4991BC7-B07D-4D8C-885C-136AD9D4E209"
},
{
"criteria": "cpe:2.3:h:cisco:pix:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85B161D0-D78B-4517-88AC-3A110F13C154"
},
{
"criteria": "cpe:2.3:h:cisco:pix:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35649F68-BD09-4684-925D-620D99B42CE8"
},
{
"criteria": "cpe:2.3:h:cisco:pix:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E32C602C-E278-4DA2-B7D0-941FABA9ADC0"
}
],
"operator": "OR"
}
]
}
]