Details of VAR-201506-0152

ID

VAR-201506-0152

CVE

CVE-2015-0760

TITLE

Cisco Adaptive Security Appliance Software IKEv1 In the implementation of XAUTH Vulnerability that bypasses authentication

Trust: 0.8

sources: JVNDB: JVNDB-2015-002939

DESCRIPTION

The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. Cisco Adaptive Security Appliance Software IKEv1 The implementation of XAUTH A vulnerability exists that prevents authentication. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCus47259. The platform provides features such as highly secure access to data and network resources. The following versions are affected: Cisco ASA Software 7.x releases, 8.0.x releases, 8.1.x releases, 8.2.x releases prior to 8.2.2.13

Trust: 1.98

sources: NVD: CVE-2015-0760 // JVNDB: JVNDB-2015-002939 // BID: 74957 // VULHUB: VHN-78706

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2.2.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	7.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.1	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.13	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(5.2\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.5.28	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(4\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(5\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(1\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.5.27	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(2\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0\(0\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.29	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.210	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.531	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.528	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.527	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.525	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.523	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.520	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.49	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.433	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.432	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.431	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.428	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.425	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.423	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.416	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.58	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.57	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.54	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.52	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.512	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.510	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.49	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.46	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.433	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.430	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.427	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.425	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.418	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.316	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.312	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.31	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.26	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.234	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.222	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.219	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.218	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.214	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.210	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.19	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.124	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.119	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.113	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.88	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.82	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.813	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.812	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.8	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.79	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.74	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.712	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.71	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.68	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.64	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.632	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.629	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.626	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.622	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.618	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.512	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.42	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.14	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.12	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1.11	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.0.45	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.2.56	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.2.55	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.2.50	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.2.15	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.2.11	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.1.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.0.0	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2(5.16)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2(5.15)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.2(5.12)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	8.2.2.13	Trust: 0.3

sources: BID: 74957 // JVNDB: JVNDB-2015-002939 // CNNVD: CNNVD-201506-049 // NVD: CVE-2015-0760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0760
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0760
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-049
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78706
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0760
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78706
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78706 // JVNDB: JVNDB-2015-002939 // CNNVD: CNNVD-201506-049 // NVD: CVE-2015-0760

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-78706 // JVNDB: JVNDB-2015-002939 // NVD: CVE-2015-0760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-049

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201506-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002939

PATCH

title:	39157	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39157	Trust: 0.8
title:	Cisco ASA Software IKEv1 Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194471	Trust: 0.6

sources: JVNDB: JVNDB-2015-002939 // CNNVD: CNNVD-201506-049

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0760	Trust: 2.8
db:	SECTRACK	id:	1032473	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-002939	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-049	Trust: 0.7
db:	BID	id:	74957	Trust: 0.4
db:	VULHUB	id:	VHN-78706	Trust: 0.1

sources: VULHUB: VHN-78706 // BID: 74957 // JVNDB: JVNDB-2015-002939 // CNNVD: CNNVD-201506-049 // NVD: CVE-2015-0760

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39157	Trust: 2.0
url:	http://www.securitytracker.com/id/1032473	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0760	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0760	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-78706 // BID: 74957 // JVNDB: JVNDB-2015-002939 // CNNVD: CNNVD-201506-049 // NVD: CVE-2015-0760

CREDITS

Cisco

Trust: 0.3

sources: BID: 74957

SOURCES

db:	VULHUB	id:	VHN-78706
db:	BID	id:	74957
db:	JVNDB	id:	JVNDB-2015-002939
db:	CNNVD	id:	CNNVD-201506-049
db:	NVD	id:	CVE-2015-0760

LAST UPDATE DATE

2024-11-23T23:12:39.295000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78706	date:	2017-01-04T00:00:00
db:	BID	id:	74957	date:	2015-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-002939	date:	2015-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201506-049	date:	2022-06-01T00:00:00
db:	NVD	id:	CVE-2015-0760	date:	2024-11-21T02:23:40.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78706	date:	2015-06-04T00:00:00
db:	BID	id:	74957	date:	2015-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-002939	date:	2015-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201506-049	date:	2015-06-05T00:00:00
db:	NVD	id:	CVE-2015-0760	date:	2015-06-04T10:59:00.067