Auth bypass in Cisco 5500_series_adaptive_security_appliance

CVE-2010-4690

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote a…

Vulnerability class: Broken Authentication

EPSS: 0.005 (66.2th percentile) — read the EPSS interpretation.

Affected products

Cisco 5500_series_adaptive_security_appliance
Cisco Adaptive_security_appliance_software — versions 7.0, 7.0\(0\), 7.0\(2\)
Cisco Asa_5500
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

1024963 (vdb-entry, x_refsource_SECTRACK)
45768 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)
cisco-asa-mus-info-disclosure(64574) (vdb-entry, x_refsource_XF)
42931 (x_refsource_SECUNIA, third-party-advisory)