Cisco ASA May Let Remote Users Bypass Control-plane ACLs
|
|
SecurityTracker Alert ID: 1020185
|
|
SecurityTracker URL: http://securitytracker.com/id?1020185
|
|
CVE Reference: CVE-2008-2059
(Links to External Site)
|
Date: Jun 4 2008
|
Impact: User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Cisco Security Advisory
|
Version(s): 8.x prior to 8.0(3)9
|
Description: A vulnerability was reported in Cisco ASA. A remote user may be able to bypass control-plane access control lists.
A control-plane access control list (ACL) may not work after it is initially configured on the device. As a result, a remote user
may be able to connect to the target device.
Cisco has assigned Cisco Bug ID CSCsm67466 to this vulnerability.
|
Impact: A remote user may be able to connect to the target device.
|
Solution: The vendor has issued a fix (8.0(3)9).
The vendor's advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml
|
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml (Links to External Site)
|
Cause: Access control error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 4 Jun 2008 12:18:42 -0400
Subject: Cisco ASA
|
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml
CVE-2008-2059
|
|
