Vulnerability Description
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Security Monitoring Analysis And Response System | 4.2.3 |
| Cisco | Adaptive Security Appliance Device Manager | 5.2.53 |
References
- http://osvdb.org/32720
- http://secunia.com/advisories/23836
- http://securitytracker.com/id?1017535
- http://securitytracker.com/id?1017536
- http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.sPatch
- http://www.securityfocus.com/bid/22111
- http://www.vupen.com/english/advisories/2007/0245
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
- http://osvdb.org/32720
- http://secunia.com/advisories/23836
- http://securitytracker.com/id?1017535
- http://securitytracker.com/id?1017536
- http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.sPatch
- http://www.securityfocus.com/bid/22111
- http://www.vupen.com/english/advisories/2007/0245
FAQ
What is CVE-2007-0397?
CVE-2007-0397 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public k...
How severe is CVE-2007-0397?
CVE-2007-0397 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0397?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Security Monitoring Analysis And Response System, Cisco Adaptive Security Appliance Device Manager.