Detections
Analytics
Cisco ASA 5500 Series Adaptive Security Appliance NTLMv1 Authentication Bypass (cisco-sa-20100217-asa)
high Nessus Plugin ID 44945
Language:
Synopsis
The remote SSL VPN Server is vulnerable to an authentication bypass vulnerability.Description
The remote host is a Cisco Adaptive Security Appliance (ASA). The version of the software used on this appliance is affected by an NT LAN Manager version 1 (NTLMv1) authentication bypass vulnerability.An attacker can exploit this flaw to log into the remote network without supplying any credentials.
Solution
Install the appropriate firmware upgrade as described in the vendor's advisory.See Also
http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml
Plugin Details
Severity: High
ID: 44945
File Name: cisco_asa_multiple_flaws2.nbin
Version: 1.88
Type: remote
Family: Firewalls
Published: 3/1/2010
Updated: 3/19/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/17/2010
Vulnerability Publication Date: 2/17/2010
Reference Information
CVE: CVE-2010-0568
BID: 38279