CVE-2017-6752
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the interaction between Lightweight Directory Access Protocol (LDAP) and SSL Connection Profile when they are configured together. An attacker could exploit the vulnerability by performing a username enumeration attack to the IP address of the device. An exploit could allow the attacker to determine valid usernames. Cisco Bug IDs: CSCvd47888.
Una vulnerabilidad en la interfaz web de Cisco Adaptive Security Appliance (ASA) 9.3(3) y 9.6(2) podría permitir que un atacante remoto sin autenticar determine nombres de usuario válidos. El atacante podría utilizar esta información para llevar a cabo ataques de reconocimiento adicionales. La vulnerabilidad se produce debido a la interacción entre Lightweight Directory Access Protocol (LDAP) y SSL Connection Profile cuando se configuran conjuntamente. Un atacante podría explotar la vulnerabilidad mediante la ejecución de un ataque de enumeración de nombres de usuario contra la dirección IP del dispositivo. Un exploit podría permitir que el atacante determine nombres de usuario válidos. Cisco Bug IDs: CSCvd47888.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2017-08-07 CVE Published
- 2023-05-23 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/100113 | Third Party Advisory | |
http://www.securitytracker.com/id/1039057 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | 9.3.3 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.3.3" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Adaptive Security Appliance Software Search vendor "Cisco" for product "Adaptive Security Appliance Software" | 9.6.2 Search vendor "Cisco" for product "Adaptive Security Appliance Software" and version "9.6.2" | - |
Affected
|