Back to search
CVE-2007-0397
Published: Jan 20, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1017535
vdb-entry
x_refsource_SECTRACK
22111
vdb-entry
x_refsource_BID
32720
vdb-entry
x_refsource_OSVDB
ADV-2007-0245
vdb-entry
x_refsource_VUPEN
1017536
vdb-entry
x_refsource_SECTRACK
23836
third-party-advisory
x_refsource_SECUNIA
cisco-csmars-asdm-device-spoofing(31567)
vdb-entry
x_refsource_XF
20070118 SSL/TLS Certificate and SSH Public Key Validation Vulnerability
vendor-advisory
x_refsource_CISCO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now