CVE-2015-0675 in ASAinfo

Summary

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

01/07/2015

Disclosure

04/12/2015

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-284 (Confirmed)

CVSS

8.8

EPSS

0.00214

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-0675
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0675
CVE Details	https://www.cvedetails.com/cve/CVE-2015-0675/

◂ Previous Overview Next ▸