CVE-2008-2736 - OpenCVE

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Adaptive Security Appliance 5500

Configuration 1 [-]

OR	cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:::::::*
	cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:::::::*

References

Link	Resource
http://secunia.com/advisories/31730
http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa
http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html
http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml
http://www.securityfocus.com/bid/30998
http://www.securitytracker.com/id?1020813
https://exchange.xforce.ibmcloud.com/vulnerabilities/44870

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2008-09-04T16:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-06-16T00:00:00

Link: CVE-2008-2736

JSON object: View

NVD Information

Status : Modified

Published: 2008-09-04T16:41:00.000

Modified: 2017-08-08T01:31:17.137

Link: CVE-2008-2736

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-03T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "cisco-asa-clientlessvpn-info-disclosure(44870)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44870"}, {"name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml"}, {"name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"}, {"name": "31730", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31730"}, {"name": "1020813", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020813"}, {"name": "30998", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30998"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2008-2736", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cisco-asa-clientlessvpn-info-disclosure(44870)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44870"}, {"name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml"}, {"name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa"}, {"name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", "refsource": "CONFIRM", "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"}, {"name": "31730", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31730"}, {"name": "1020813", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020813"}, {"name": "30998", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30998"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2008-2736", "datePublished": "2008-09-04T16:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1C21E-6A68-4851-BCFC-12E8E5BE9610", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:adaptive_security_appliance_5500:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FC14168-91A7-4D42-9CEA-09AAA3BBE2B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Cisco Adaptive Security Appliance (ASA) 5500 dispositivos 8.0(3)15, 8.0(3)16, 8.1(1)4, y 8.1(1)5, cuando se configuran como punto final sin cliente SSL VPN; permite a atacantes remotos obtener nombres de usuario y contrase\u00f1as a trav\u00e9s de vectores desconocidos. Tambi\u00e9n se conoce como Bug ID CSCsq45636."}], "id": "CVE-2008-2736", "lastModified": "2017-08-08T01:31:17.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-04T16:41:00.000", "references": [{"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/31730"}, {"source": "ykramarz@cisco.com", "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa"}, {"source": "ykramarz@cisco.com", "url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"}, {"source": "ykramarz@cisco.com", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/30998"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1020813"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44870"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}