// For flags

CVE-2015-6344

 

Severity Score

4.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105.

La GUI basasa en web en Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y obtener información sensible del usuario a través de una petición HTTP no especificada, también conocida como Bug ID CSCuv74105.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-08-17 CVE Reserved
  • 2015-10-30 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Asa Cx Context-aware Security Software
Search vendor "Cisco" for product "Asa Cx Context-aware Security Software"
 9.3.4.1.11
Search vendor "Cisco" for product "Asa Cx Context-aware Security Software" and version "9.3.4.1.11"
-
Affected