7.5

CVE-2011-2054

A vulnerability in the Cisco ASA could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, provided the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.

Data provided by the National Vulnerability Database (NVD)
Cisco ASA 5500 Firmware Version 8.4(1)
   Cisco ASA 5500 Version -
Cisco ASA 5510 Firmware Version 8.4(1)
   Cisco ASA 5510 Version -
Cisco ASA 5512-x Firmware Version 8.4(1)
   Cisco ASA 5512-x Version -
Cisco ASA 5515-x Firmware Version 8.4(1)
   Cisco ASA 5515-x Version -
Cisco ASA 5520 Firmware Version 8.4(1)
   Cisco ASA 5520 Version -
Cisco ASA 5525-x Firmware Version 8.4(1)
   Cisco ASA 5525-x Version -
Cisco ASA 5540 Firmware Version 8.4(1)
   Cisco ASA 5540 Version -
Cisco ASA 5545-x Firmware Version 8.4(1)
   Cisco ASA 5545-x Version -
Cisco ASA 5550 Firmware Version 8.4(1)
   Cisco ASA 5550 Version -
Cisco ASA 5555-x Firmware Version 8.4(1)
   Cisco ASA 5555-x Version -
Cisco ASA 5580 Firmware Version 8.4(1)
   Cisco ASA 5580 Version -
Cisco ASA 5585-x Firmware Version 8.4(1)
   Cisco ASA 5585-x Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.17% | 0.346
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 1.6 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 6 | 6.8 | 6.4 | AV:N/AC:M/Au:S/C:P/I:P/A:P
psirt@cisco.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.