Cisco ASA Information Disclosure Vulnerability (cisco-sa-20160111-asa) CVE-2016-1295
- CVSSv3 Score
- Vulnerability description
Cisco ASA Software is prone to an information disclosure vulnerability.
- Risk description
The flaw is due to an insufficient protection of sensitive data during a Cisco AnyConnect client authentication attempt. Successful exploitation allows the attacker to access sensitive data, including the ASA Software version that is currently running on the appliance.
See the referenced vendor advisory for a solution.
- Not available