Back to search
CVE-2015-0675
Published: Apr 13, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1032045
vdb-entry
x_refsource_SECTRACK
20150408 Multiple Vulnerabilities in Cisco ASA Software
vendor-advisory
x_refsource_CISCO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now