CVE-2015-0760

The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39157	Vendor Advisory
http://www.securitytracker.com/id/1032473	Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/viewAlert.x?alertId=39157	Vendor Advisory
http://www.securitytracker.com/id/1032473	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:23

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=39157 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=39157 - Vendor Advisory
References	~~() http://www.securitytracker.com/id/1032473 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1032473 - Third Party Advisory, VDB Entry

Information

Published : 2015-06-04 10:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-0760

Mitre link : CVE-2015-0760

CVE.ORG link : CVE-2015-0760

JSON object : View

Products Affected

cisco

adaptive_security_appliance_software

CWE

CWE-20

Improper Input Validation

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-0760", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-04T10:59:00.067", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39157", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032473", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39157", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032473", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259."}, {"lang": "es", "value": "La implementaci\u00f3n IKEv1 en Cisco ASA Software 7.x, 8.0.x, 8.1.x, y 8.2.x anterior a 8.2.2.13 permite a usuarios remotos autenticados evadir la autenticaci\u00f3n XAUTH a trav\u00e9s de paquetes IKEv1 manipulados, tambi\u00e9n conocido como Bug ID CSCus47259."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71A49BE4-2659-4A00-A71E-1E2BB5D60846", "versionEndExcluding": "8.2.2.13", "versionStartIncluding": "7.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}