The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CWE ID | Type | Source |
|---|---|---|
| CWE-287 | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa | psirt@cisco.com | Vendor Advisory |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5511 | psirt@cisco.com | Vendor Advisory |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5511 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |