Cisco Bug: CSCuo65775 - Cisco ASA Information Disclosure Vulnerability
Nov 03, 2020
- Cisco Adaptive Security Appliance (ASA) Software
Known Affected Releases
8.4 9.1 9.3 9.4
Symptom: A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data, including the ASA Software version that is currently running on the appliance. The vulnerability occurs because the Cisco ASA does not sufficiently protect sensitive data during a Cisco AnyConnect client authentication attempt. An attacker could exploit the vulnerability by attempting to authenticate to the Cisco ASA with AnyConnect. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa Conditions: Device running with IKE/WVPN enabled on an interface on an affected version of software using the AnyConnect client. The AnyConnect client can be running any version of software.
Related Community Discussions
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases