CVE-2010-4690

Cisco ASA 5500 <8.3.2 - Info Disclosure

Title source: llm

Description

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45768

[Release Notes] http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64574

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024963

[Third Party Advisory] http://secunia.com/advisories/42931

Scores

EPSS 0.0050

EPSS Percentile 65.5%

Classification

CWE

CWE-287

Status draft

Affected Products (50)

cisco/adaptive_security_appliance_software < 8.3\(1\)

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

cisco/adaptive_security_appliance_software

... and 35 more

Timeline

Published Jan 07, 2011

Tracked Since Feb 18, 2026