Information disclosure in Cisco Adaptive_security_appliance

CVE-2013-1194

The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate…

Vulnerability class: Information Disclosure

EPSS: 0.004 (59.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Adaptive_security_appliance
Cisco Adaptive_security_appliance_software
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20130417 Cisco ASA Software VPN Group Enumeration Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
20130418 TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation (mailing-list, x_refsource_BUGTRAQ, Broken Link)