CVE-2011-2054

CVE Database · CVE-2011-2054

CVE-2011-2054

· MEDIUMModified

CVSS v3.1

4.3

EPSS

0.86%

Published

Feb 19, 2020

Modified

Nov 20, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-287CWE-287

Affected Products (24)

cisco · asa_5500_firmwarevulnerable

cisco · asa_5500

cisco · asa_5510_firmwarevulnerable

cisco · asa_5510

cisco · asa_5512-x_firmwarevulnerable

cisco · asa_5512-x

cisco · asa_5515-x_firmwarevulnerable

cisco · asa_5515-x

cisco · asa_5520_firmwarevulnerable

cisco · asa_5520

cisco · asa_5525-x_firmwarevulnerable

cisco · asa_5525-x

References (2)

https://quickview.cloudapps.cisco.com/quickview/bug/CSCtq58884

Vendor Advisory

https://quickview.cloudapps.cisco.com/quickview/bug/CSCtq58884

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs