A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security could allow an authenticated, remote malicious user to enumerate users and read user information without belonging to a role that allows those operations. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by sending an HTTP request to a specific URL. Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-cas
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco asa cx context-aware security software 9.3.4.1.11 |