1. Home
  2. CVE Database
  3. CVE-2011-2054
MEDIUM · 4.3

CVE-2011-2054

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is ...

Vulnerability Description

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoAsa 5500 Firmware8.4\(1\)
CiscoAsa 5500-
CiscoAsa 5510 Firmware8.4\(1\)
CiscoAsa 5510-
CiscoAsa 5512-X Firmware8.4\(1\)
CiscoAsa 5512-X-
CiscoAsa 5515-X Firmware8.4\(1\)
CiscoAsa 5515-X-
CiscoAsa 5520 Firmware8.4\(1\)
CiscoAsa 5520-
CiscoAsa 5525-X Firmware8.4\(1\)
CiscoAsa 5525-X-
CiscoAsa 5540 Firmware8.4\(1\)
CiscoAsa 5540-
CiscoAsa 5545-X Firmware8.4\(1\)
CiscoAsa 5545-X-
CiscoAsa 5550 Firmware8.4\(1\)
CiscoAsa 5550-
CiscoAsa 5555-X Firmware8.4\(1\)
CiscoAsa 5555-X-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2011-2054?

CVE-2011-2054 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is ...

How severe is CVE-2011-2054?

CVE-2011-2054 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2054?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Asa 5500 Firmware, Cisco Asa 5500, Cisco Asa 5510 Firmware, Cisco Asa 5510, Cisco Asa 5512-X Firmware.