The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle malicious users to spoof TLS content by modifying packets, aka Bug ID CSCuu52976.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco adaptive security appliance software 9.1.5.21 |