HomePentest-Tools.com Logo

Cisco ASA Information Disclosure Vulnerability (cisco-sa-20160111-asa) CVE-2016-1295

Severity
CVSSv3 Score
5.3
Vulnerability description

Cisco ASA Software is prone to an information disclosure vulnerability.

Risk description

The flaw is due to an insufficient protection of sensitive data during a Cisco AnyConnect client authentication attempt. Successful exploitation allows the attacker to access sensitive data, including the ASA Software version that is currently running on the appliance.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 16, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available