Preview Tool

Cisco Bug: CSCuo65775 - Cisco ASA Information Disclosure Vulnerability

Last Modified

Nov 03, 2020

Products (1)

  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

8.4 9.1 9.3 9.4

Description (partial)

A vulnerability in the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to access sensitive data, including the ASA Software version that is currently running on the appliance.

The vulnerability occurs because the Cisco ASA does not sufficiently protect sensitive data during a Cisco AnyConnect client authentication attempt. An attacker could exploit the vulnerability by attempting to authenticate to the Cisco ASA with AnyConnect.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:

Device running with IKE/WVPN enabled on an interface on an affected version of software using the AnyConnect client.

The AnyConnect client can be running any version of software.

Related Community Discussions

subscription for updates
hello, i have a question about subscription for security updates for particular systems. Is possible or not and in case of yes, how? For example i'm responsible for Nexus Switches with NX-OS version  Nexus  7.1(3), for ASA Firewall 9.3.2, ACS 5.7 and WLC OS 8.1.122. I don't care about security updates for routers and switches at all. Also i don't care for example about new exploits in NX-OS in version 5.x, 6.x or 7.2.x, but it is important for me to get notification about new exploits in NX-OS version ...
Latest activity: Jan 24, 2016
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.