Information disclosure in Cisco Asa_cx_context-aware_security_software

CVE-2015-6344

The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP reque…

Vulnerability class: Information Disclosure

EPSS: 0.002 (36.2th percentile) — read the EPSS interpretation.

Affected products

Cisco Asa_cx_context-aware_security_software — versions 9.3.4.1.11
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1034001 (vdb-entry, x_refsource_SECTRACK)
20151027 Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)