Cisco ASA 5500 Series Adaptive Security Appliance NTLMv1 Authentication Bypass (cisco-sa-20100217-asa)

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote SSL VPN Server is vulnerable to an authentication bypass vulnerability.

Description :

The remote host is a Cisco Adaptive Security Appliance (ASA). The
version of the software used on this appliance is affected by an NT
LAN Manager version 1 (NTLMv1) authentication bypass vulnerability.

An attacker can exploit this flaw to log into the remote network
without supplying any credentials.

See also :

Solution :

Install the appropriate firmware upgrade as described in the vendor's

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 44945 ()

Bugtraq ID: 38279

CVE ID: CVE-2010-0568