CVE-2013-5511

Cisco ASA Software 8.2-9.1 Unauthenticated Authentication Bypass via ASDM

Title source: llm

Description

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5511

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

Scores

EPSS 0.0230

EPSS Percentile 81.1%

Details

CWE

CWE-287

Status published

Products (42)

cisco/adaptive_security_appliance_software 8.2

cisco/adaptive_security_appliance_software 8.2\(1\)

cisco/adaptive_security_appliance_software 8.2\(2\)

cisco/adaptive_security_appliance_software 8.2\(3\)

cisco/adaptive_security_appliance_software 8.2\(3.9\)

cisco/adaptive_security_appliance_software 8.2\(4\)

cisco/adaptive_security_appliance_software 8.2\(4.1\)

cisco/adaptive_security_appliance_software 8.2\(4.4\)

cisco/adaptive_security_appliance_software 8.2\(5\)

cisco/adaptive_security_appliance_software 8.2\(5.35\)

... and 32 more

Published Oct 13, 2013

Tracked Since Feb 18, 2026