Details of VAR-201101-0326

ID

VAR-201101-0326

CVE

CVE-2010-4689

TITLE

Cisco Adaptive Security Appliances Vulnerabilities that prevent access restrictions on devices

Trust: 0.8

sources: JVNDB: JVNDB-2011-001107

DESCRIPTION

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. The vulnerabilities include multiple denial-of-service vulnerabilities, a security-bypass vulnerability, and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to deny service to legitimate users, bypass security restrictions and gain unauthorized access, execute arbitrary script code, or steal cookie-based authentication credentials. Other attacks may also be possible. Cisco ASA 5500 series security appliances with software prior to 8.3(2) are vulnerable

Trust: 2.52

sources: NVD: CVE-2010-4689 // JVNDB: JVNDB-2011-001107 // CNVD: CNVD-2011-0102 // BID: 45768 // VULHUB: VHN-47294

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-0102

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.5	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.48\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.5\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.8\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.18\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.19\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(0\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.16\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.10\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.49\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(6.7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(1\)	Trust: 1.0
vendor:	cisco	model:	5500 series adaptive security appliance	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.27\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.2	Trust: 1.0
vendor:	cisco	model:	asa 5500	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.15\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(5.2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3.9\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1\(2.48\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.17\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(1.22\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2\(2.14\)	Trust: 1.0
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.0(8.10)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.0(8.11)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.1	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.2	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.2(4.44)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.2(4.45)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.2(4.46)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.2(5)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(4.38)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(4.44)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(5.1)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(5.15)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(5.17)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(5.19)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(5.2)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(5.6)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.0(5.7)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.35)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.37)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.39)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.40)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.44)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.45)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.46)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(1.10)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(1.15)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(1.16)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(1.2)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(1.5)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(2)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(2.1)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(2.10)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(2.13)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(2.17)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(3)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2(4)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.3	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.3(0.08)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.3(1.1)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.3(1.6)	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.0	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.0.4	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55007.0.4.3	Trust: 0.9
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2.2	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance	scope:	lt	version:	5500 version 8.3(2)	Trust: 0.8
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.2	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	eq	version:	55008.1(2.29)	Trust: 0.3
vendor:	cisco	model:	asa series adaptive security appliance	scope:	ne	version:	55008.3(2)	Trust: 0.3

sources: CNVD: CNVD-2011-0102 // BID: 45768 // JVNDB: JVNDB-2011-001107 // CNNVD: CNNVD-201101-072 // NVD: CVE-2010-4689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4689
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-4689
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201101-072
value:	HIGH
Trust: 0.6
VULHUB:	VHN-47294
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-4689
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-47294
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-47294 // JVNDB: JVNDB-2011-001107 // CNNVD: CNNVD-201101-072 // NVD: CVE-2010-4689

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-47294 // JVNDB: JVNDB-2011-001107 // NVD: CVE-2010-4689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201101-072

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201101-072

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001107

PATCH

title:	22291	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=22291	Trust: 0.8
title:	Release Notes for the Cisco ASA 5500 Series, Version 8.3(x)	url:	http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf	Trust: 0.8
title:	Cisco Adaptive Security Appliance incorrectly retains patches for ACL behavior rule vulnerabilities after migration	url:	https://www.cnvd.org.cn/patchInfo/show/2528	Trust: 0.6

sources: CNVD: CNVD-2011-0102 // JVNDB: JVNDB-2011-001107

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4689	Trust: 3.4
db:	BID	id:	45768	Trust: 2.2
db:	SECTRACK	id:	1024963	Trust: 1.9
db:	XF	id:	64575	Trust: 0.8
db:	VUPEN	id:	ADV-2011-0130	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-001107	Trust: 0.8
db:	CNNVD	id:	CNNVD-201101-072	Trust: 0.7
db:	CNVD	id:	CNVD-2011-0102	Trust: 0.6
db:	VULHUB	id:	VHN-47294	Trust: 0.1

sources: CNVD: CNVD-2011-0102 // VULHUB: VHN-47294 // BID: 45768 // JVNDB: JVNDB-2011-001107 // CNNVD: CNNVD-201101-072 // NVD: CVE-2010-4689

REFERENCES

url:	http://www.securityfocus.com/bid/45768	Trust: 1.9
url:	http://www.cisco.com/en/us/docs/security/asa/asa83/release/notes/asarn83.pdf	Trust: 1.7
url:	http://www.securitytracker.com/id?1024963	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/64575	Trust: 1.1
url:	http://www.cisco.com/en/us/docs/security/asa/asa83/release/notes/asarn83.html	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4689	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/64575	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4689	Trust: 0.8
url:	http://securitytracker.com/id?1024963	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2011/0130	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2011-0102 // VULHUB: VHN-47294 // BID: 45768 // JVNDB: JVNDB-2011-001107 // CNNVD: CNNVD-201101-072 // NVD: CVE-2010-4689

CREDITS

Cisco

Trust: 0.3

sources: BID: 45768

SOURCES

db:	CNVD	id:	CNVD-2011-0102
db:	VULHUB	id:	VHN-47294
db:	BID	id:	45768
db:	JVNDB	id:	JVNDB-2011-001107
db:	CNNVD	id:	CNNVD-201101-072
db:	NVD	id:	CVE-2010-4689

LAST UPDATE DATE

2024-11-23T21:47:04.031000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-0102	date:	2011-01-12T00:00:00
db:	VULHUB	id:	VHN-47294	date:	2017-08-17T00:00:00
db:	BID	id:	45768	date:	2011-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2011-001107	date:	2011-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201101-072	date:	2011-01-10T00:00:00
db:	NVD	id:	CVE-2010-4689	date:	2024-11-21T01:21:31.613

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-0102	date:	2011-01-12T00:00:00
db:	VULHUB	id:	VHN-47294	date:	2011-01-07T00:00:00
db:	BID	id:	45768	date:	2011-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2011-001107	date:	2011-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201101-072	date:	2011-01-10T00:00:00
db:	NVD	id:	CVE-2010-4689	date:	2011-01-07T23:00:19.500