Cisco Adaptive Security Appliances (ASA) 5500 Clientless VPN Remote Code Execution Vulnerability
BID:52482
Info
| Bugtraq ID: | 52482 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2012-0358 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2012 12:00AM |
| Updated: | Mar 14 2012 12:00AM |
| Credit: | Dormann |
| Vulnerable: | Cisco ASA 5500 Series Adaptive Security Appliance 8.6, 8.4, 8.3, 8.2, 8.1, 8.0, 7.2, 7.1 |
| Not Vulnerable: | Cisco ASA 5500 Series Adaptive Security Appliance 8.6(1.1), 8.4(2.16), 8.3(2.28), 8.2(5.18), 8.1(2.53), 8.0(5.26), 7.2(5.6) |
Discussion
Cisco Adaptive Security Appliances 5500 ActiveX control is prone to a remote code-execution vulnerability because the software fails to perform adequate boundary checks on user-supplied data.
Successful exploits will allow attackers to execute arbitrary code with the privileges of the application running the affected ActiveX control. Failed exploit attempts may result in a denial-of-service condition.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for details.
References
References: