National Cyber-Alert System

Vulnerability Summary for CVE-2009-1155

Overview

Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CISCO

Name: 20090408 Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances

Type: Advisory; Patch Information

Hyperlink:http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml

External Source: VUPEN

Name: ADV-2009-0981

Hyperlink:http://www.vupen.com/english/advisories/2009/0981

External Source: SECTRACK

Name: 1022016

Hyperlink:http://www.securitytracker.com/id?1022016

External Source: BID

Name: 34429

Hyperlink:http://www.securityfocus.com/bid/34429

External Source: SECUNIA

Name: 34607

Hyperlink:http://secunia.com/advisories/34607

External Source: OSVDB

Name: 53441

Hyperlink:http://osvdb.org/53441