// For flags

CVE-2007-0397

 

Severity Score

6.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

El Cisco Security Monitoring, Analysis y Response System (CS-MARS) anterior 4.2.3 y Adaptive Security Device Manager (ASDM) anterior 5.2(2.54) no valida los certificados SSL/TLS o llaves públicas SSH cuando se conectan dispositivos, lo cual permite a atacantes remotos suplantar a estos dispositivos obteniendo información sensible o generando información incorrecta.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-01-19 CVE Reserved
  • 2007-01-20 CVE Published
  • 2024-03-17 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Security Monitoring Analysis And Response System
Search vendor "Cisco" for product "Security Monitoring Analysis And Response System"
4.2.3
Search vendor "Cisco" for product "Security Monitoring Analysis And Response System" and version "4.2.3"
-
Affected
Cisco
Search vendor "Cisco"
Adaptive Security Appliance Device Manager
Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager"
5.2.53
Search vendor "Cisco" for product "Adaptive Security Appliance Device Manager" and version "5.2.53"
-
Affected