Sign-up

ID

VAR-201507-0496


CVE

CVE-2015-4458


TITLE

Cisco Adaptive Security Appliance Included with software and other products Cavium Cryptographic module firmware TLS In the implementation of TLS Vulnerability impersonating content

Trust: 0.8

sources: JVNDB: JVNDB-2015-003887

DESCRIPTION

The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976. Vendors have confirmed this vulnerability Bug ID CSCuu52976 It is released as.Man-in-the-middle attacks (man-in-the-middle attack) By changing the packet, TLS The content may be forged. Cisco Adaptive Security Appliance is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuu52976

Trust: 2.07

sources: NVD: CVE-2015-4458 // JVNDB: JVNDB-2015-003887 // BID: 75918 // VULHUB: VHN-82419 // VULMON: CVE-2015-4458

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.5.21

Trust: 1.9

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1 (5.21)

Trust: 0.8

sources: BID: 75918 // JVNDB: JVNDB-2015-003887 // CNNVD: CNNVD-201507-643 // NVD: CVE-2015-4458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4458
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4458
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-643
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82419
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-4458
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4458
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-82419
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82419 // VULMON: CVE-2015-4458 // JVNDB: JVNDB-2015-003887 // CNNVD: CNNVD-201507-643 // NVD: CVE-2015-4458

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-82419 // JVNDB: JVNDB-2015-003887 // NVD: CVE-2015-4458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-643

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201507-643

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003887

PATCH
title:39919url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39919
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003887

EXTERNAL IDS
db:NVDid:CVE-2015-4458
Trust: 2.9
db:SECTRACKid:1032927
Trust: 1.2
db:JVNDBid:JVNDB-2015-003887
Trust: 0.8
db:CNNVDid:CNNVD-201507-643
Trust: 0.7
db:BIDid:75918
Trust: 0.4
db:VULHUBid:VHN-82419
Trust: 0.1
db:VULMONid:CVE-2015-4458
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82419 // 
            
            
            
            VULMON: CVE-2015-4458 // 
            
            
            
            BID: 75918 // 
            
            
            
            JVNDB: JVNDB-2015-003887 // 
            
            
            
            CNNVD: CNNVD-201507-643 // 
            
            
            
            NVD: CVE-2015-4458

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39919
Trust: 2.1
url:http://www.securitytracker.com/id/1032927
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4458
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4458
Trust: 0.8
url:http://www.cisco.com/c/en/us/products/security/adaptive-security-appliance-asa-software/index.html
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/310.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/cisco-asa-cve-2015-4458
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82419 // 
            
            
            
            VULMON: CVE-2015-4458 // 
            
            
            
            BID: 75918 // 
            
            
            
            JVNDB: JVNDB-2015-003887 // 
            
            
            
            CNNVD: CNNVD-201507-643 // 
            
            
            
            NVD: CVE-2015-4458

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75918

SOURCES
db:VULHUBid:VHN-82419
db:VULMONid:CVE-2015-4458
db:BIDid:75918
db:JVNDBid:JVNDB-2015-003887
db:CNNVDid:CNNVD-201507-643
db:NVDid:CVE-2015-4458

LAST UPDATE DATE
2024-11-23T23:02:40.237000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82419date:2017-09-22T00:00:00
db:VULMONid:CVE-2015-4458date:2017-09-22T00:00:00
db:BIDid:75918date:2015-07-14T00:00:00
db:JVNDBid:JVNDB-2015-003887date:2015-07-23T00:00:00
db:CNNVDid:CNNVD-201507-643date:2015-07-20T00:00:00
db:NVDid:CVE-2015-4458date:2024-11-21T02:31:06.713

SOURCES RELEASE DATE
db:VULHUBid:VHN-82419date:2015-07-18T00:00:00
db:VULMONid:CVE-2015-4458date:2015-07-18T00:00:00
db:BIDid:75918date:2015-07-14T00:00:00
db:JVNDBid:JVNDB-2015-003887date:2015-07-23T00:00:00
db:CNNVDid:CNNVD-201507-643date:2015-07-20T00:00:00
db:NVDid:CVE-2015-4458date:2015-07-18T10:59:02.713