CVE-2011-2054 - Vulnerability Details

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Asa 5500 Asa 5500 Firmware Asa 5510 Asa 5510 Firmware Asa 5512-x Asa 5512-x Firmware Asa 5515-x Asa 5515-x Firmware Asa 5520 Asa 5520 Firmware Asa 5525-x Asa 5525-x Firmware Asa 5540 Asa 5540 Firmware Asa 5545-x Asa 5545-x Firmware Asa 5550 Asa 5550 Firmware Asa 5555-x Asa 5555-x Firmware Asa 5580 Asa 5580 Firmware Asa 5585-x Asa 5585-x Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:asa_5500_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5500:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:asa_5510_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5510:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:asa_5512-x_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:asa_5515-x_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:asa_5520_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5520:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:asa_5525-x_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5525-x:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cisco:asa_5540_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5540:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cisco:asa_5545-x_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5545-x:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:asa_5550_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5550:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:cisco:asa_5555-x_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5555-x:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:cisco:asa_5580_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5580:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:cisco:asa_5585-x_firmware:8.4\(1\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:asa_5585-x:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://quickview.cloudapps.cisco.com/quickview/bug/CSCtq58884

History

Fri, 15 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-02-19T03:05:13.966780Z

Updated: 2024-11-15T17:41:33.434Z

Reserved: 2011-05-10T00:00:00

Link: CVE-2011-2054

Vulnrichment

Updated: 2024-08-06T22:46:00.884Z

NVD

Status : Modified

Published: 2020-02-19T03:15:10.277

Modified: 2024-11-21T01:27:30.853

Link: CVE-2011-2054

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object