CVE-2011-3298

Cisco Adaptive Security Appliance Software - Authentication Bypass

Title source: rule

Description

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.

References (3)

Scores

EPSS 0.0015
EPSS Percentile 35.9%

Classification

CWE
CWE-287
Status draft

Affected Products (50)

cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
... and 35 more

Timeline

Published Oct 06, 2011
Tracked Since Feb 18, 2026