Auth bypass in Cisco 5500_series_adaptive_security_appliance

CVE-2012-0335

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive informatio…

Vulnerability class: Broken Authentication

EPSS: 0.004 (62.5th percentile) — read the EPSS interpretation.

Affected products

Cisco 5500_series_adaptive_security_appliance
Cisco Adaptive_security_appliance_software — versions 7.2, 7.2\(1\), 7.2\(1.22\)
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@cisco.com (x_refsource_CONFIRM)
53558 (vdb-entry, x_refsource_BID)
49139 (x_refsource_SECUNIA, third-party-advisory)
1027008 (vdb-entry, x_refsource_SECTRACK)