Vulnerability Description
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance Software | <= 8.3\(1\) |
| Cisco | 5500 Series Adaptive Security Appliance | All versions |
| Cisco | Asa 5500 | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/42931
- http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf
- http://www.securityfocus.com/bid/45768
- http://www.securitytracker.com/id?1024963
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64574
- http://secunia.com/advisories/42931
- http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.pdf
- http://www.securityfocus.com/bid/45768
- http://www.securitytracker.com/id?1024963
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64574
FAQ
What is CVE-2010-4690?
CVE-2010-4690 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appl...
How severe is CVE-2010-4690?
CVE-2010-4690 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4690?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software, Cisco 5500 Series Adaptive Security Appliance, Cisco Asa 5500.