CVE-2015-0675

high

Description

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa

http://www.securitytracker.com/id/1032045

Details

Source: MITRE

Published: 2015-04-13

Updated: 2022-05-26

Type: CWE-284

Risk Information

CVSS v2

Base Score: 8.3

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 6.5

Severity: HIGH