Information disclosure in Cisco Adaptive_security_appliance_5505
CVE-2017-12373
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbach…
Vulnerability class: Information Disclosure
EPSS: 0.669 (98.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Cisco Adaptive_security_appliance_5505
- Cisco Adaptive_security_appliance_5505_firmware
- Cisco Adaptive_security_appliance_5510
- Cisco Adaptive_security_appliance_5510_firmware
- Cisco Adaptive_security_appliance_5520
- Cisco Adaptive_security_appliance_5520_firmware
- Cisco Adaptive_security_appliance_5540
- Cisco Adaptive_security_appliance_5540_firmware
- Cisco Adaptive_security_appliance_5550
- Cisco Adaptive_security_appliance_5550_firmware
Weakness classification (CWE)
Public proof-of-concept exploits
References
- psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- psirt@cisco.com (x_refsource_CONFIRM, Mitigation, Issue Tracking, Vendor Advisory)
Frequently asked questions
- What is CVE-2017-12373?
- CVE-2017-12373 is a medium-severity vulnerability in Cisco Adaptive_security_appliance_5505, classified under Information Disclosure. CVSS score: 5.9/10. Published 2017-12-15.
- How severe is CVE-2017-12373?
- Medium severity. CVSS v3 base score is 5.9 out of 10.
- Is CVE-2017-12373 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.