Summary: The Cisco Security Monitoring, Analysis and Response System (CS-MARS) and the Cisco Adaptive Security Device Manager (ASDM) do not validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or Secure Shell (SSH) public keys presented by devices they are configured to connect to. Malicious users may be able to use this lack of certificate or public key validation to impersonate the devices that these affected products connect to, which could then be used to obtain sensitive information or misreport information.
Affected Products
The following products are affected by the vulnerability described in this document:
Cisco Security Monitoring, Analysis and Response System (CS-MARS)
All CS-MARS versions prior to 4.2.3 are affected.
Cisco Adaptive Security Device Manager (ASDM)
All ASDM versions prior to 5.2(2.54) are affected when the ASDM Launcher (the stand-alone version of ASDM) is used.
Cisco has made free software available to address this vulnerability for affected customers.
URL:
http://www.cisco.com/en/US/customer/products/products_security_advisory09186a00807c517f.shtml
(available to registered users)
http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml
(available to non-registered users)
Affected Products
The following products are affected by the vulnerability described in this document:
Cisco Security Monitoring, Analysis and Response System (CS-MARS)
All CS-MARS versions prior to 4.2.3 are affected.
Cisco Adaptive Security Device Manager (ASDM)
All ASDM versions prior to 5.2(2.54) are affected when the ASDM Launcher (the stand-alone version of ASDM) is used.
Cisco has made free software available to address this vulnerability for affected customers.
URL:
http://www.cisco.com/en/US/customer/products/products_security_advisory09186a00807c517f.shtml
(available to registered users)
http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml
(available to non-registered users)
No comments:
Post a Comment