Vulnerability Details CVE-2007-0397
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v2 Score 6.4
References
- http://osvdb.org/32720
- http://secunia.com/advisories/23836
- http://securitytracker.com/id?1017535
- http://securitytracker.com/id?1017536
- http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml
- http://www.securityfocus.com/bid/22111
- http://www.vupen.com/english/advisories/2007/0245
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
- http://osvdb.org/32720
- http://secunia.com/advisories/23836
- http://securitytracker.com/id?1017535
- http://securitytracker.com/id?1017536
- http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml
- http://www.securityfocus.com/bid/22111
- http://www.vupen.com/english/advisories/2007/0245
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
Products affected by CVE-2007-0397
-
cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.53
-
cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.3