Computer Security

Cisco CS MARS and Cisco ADSM TLS, SSL, SSH certificates validation problem
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Cisco CS MARS and Cisco ADSM TLS, SSL, SSH certificates validation problem
Published:20.01.2007
Source:BUGTRAQ
SecurityVulns ID:7071
Type:remote
Level:6/10
Description:On connecting to managed device, device certificate is not validated.
Affected:CISCO : CS-MARS 4.2
 CISCO : ASDM 5.2
CVE:CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.)
Original documentdocumentCISCO, Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability (20.01.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru