CVE-2007-0397

Severity

64%

Complexity

99%

Confidentiality

81%

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).

Overview

First reported 18 years ago

2007-01-20 01:28:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

Cisco Adaptive Security Appliance (ASA) Device Manager 5.2.53

5.2.53

References

32720

23836

1017535

1017536

20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability

Patch

22111

ADV-2007-0245

cisco-csmars-asdm-device-spoofing(31567)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.