Details of VAR-201310-0538

ID

VAR-201310-0538

CVE

CVE-2013-5511

TITLE

Cisco ASA Software ASDM Vulnerabilities that prevent authentication in the remote management function

Trust: 0.8

sources: JVNDB: JVNDB-2013-004646

DESCRIPTION

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815. Vendors have confirmed this vulnerability Bug ID CSCuh44815 It is released as.By a third party ASDM To the interface TCP Authentication may be bypassed through the session. Successfully exploiting this issue will allow attackers to bypass the digital certificate authentication and gain unauthorized access to the affected device. This issue is tracked by Cisco Bug ID CSCuh44815. certified. A remote attacker can use this vulnerability to bypass authentication, log in to the system management interface as an administrator, and then control the entire system. The following versions are affected: Cisco Adaptive Security Appliance Software 8.2.x prior to 8.2(5.46), 8.3.x prior to 8.3(2.39), 8.4.x prior to 8.4(6), 8.5 prior to 8.5(1.18) .x version, 8.6.x version before 8.6(1.12), 8.7.x version before 8.7(1.7), 9.0.x version before 9.0(3.1), 9.1.x version before 9.1(2.6)

Trust: 1.98

sources: NVD: CVE-2013-5511 // JVNDB: JVNDB-2013-004646 // BID: 62917 // VULHUB: VHN-65513

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1.10\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5.38\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(5.35\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.4\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5\(1.17\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(1.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7\(1.3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2.37\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(2.34\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(2.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(1.7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5\(1.4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6\(1.3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(4.11\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2\(3.9\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.5.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3(2.39)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.6.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2(5.46)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5(1.18)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(6.6)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(2.6)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.4.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.7.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7(1.7)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6(1.12)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.1)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.3.x	Trust: 0.8

sources: JVNDB: JVNDB-2013-004646 // CNNVD: CNNVD-201310-239 // NVD: CVE-2013-5511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5511
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5511
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-239
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-65513
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5511
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65513
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65513 // JVNDB: JVNDB-2013-004646 // CNNVD: CNNVD-201310-239 // NVD: CVE-2013-5511

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-65513 // JVNDB: JVNDB-2013-004646 // NVD: CVE-2013-5511

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-239

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201310-239

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004646

PATCH

title:	cisco-sa-20131009-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa	Trust: 0.8
title:	Digital Certificate HTTP Authentication Bypass Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5511	Trust: 0.8
title:	31103	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31103	Trust: 0.8
title:	cisco-sa-20131009-asa	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119989_cisco-sa-20131009-asa-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-004646

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5511	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004646	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-239	Trust: 0.7
db:	CISCO	id:	20131009 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	BID	id:	62917	Trust: 0.4
db:	VULHUB	id:	VHN-65513	Trust: 0.1

sources: VULHUB: VHN-65513 // BID: 62917 // JVNDB: JVNDB-2013-004646 // CNNVD: CNNVD-201310-239 // NVD: CVE-2013-5511

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131009-asa	Trust: 2.0
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5511	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5511	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5511	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-65513 // BID: 62917 // JVNDB: JVNDB-2013-004646 // CNNVD: CNNVD-201310-239 // NVD: CVE-2013-5511

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62917

SOURCES

db:	VULHUB	id:	VHN-65513
db:	BID	id:	62917
db:	JVNDB	id:	JVNDB-2013-004646
db:	CNNVD	id:	CNNVD-201310-239
db:	NVD	id:	CVE-2013-5511

LAST UPDATE DATE

2024-11-23T21:45:31.138000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65513	date:	2016-11-01T00:00:00
db:	BID	id:	62917	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004646	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201310-239	date:	2013-11-01T00:00:00
db:	NVD	id:	CVE-2013-5511	date:	2024-11-21T01:57:37.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65513	date:	2013-10-13T00:00:00
db:	BID	id:	62917	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004646	date:	2013-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201310-239	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5511	date:	2013-10-13T10:20:04.333