Vulnerability Name: CVE-2013-1194 (CCN-83673)
Assigned: 2013-04-17
Published: 2013-04-17
Updated: 2016-09-22
Summary: The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708.
Per: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1194
'A vulnerability in the Internet Security Association and Key Management Protocol (ISAKMP) implementation in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device.'
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
Source: BUGTRAQ, Type: Broken Link, 20130418 TWSL2013-004: Group Name Enumeration Vulnerability in Cisco IKE Implementation
Source: MITRE, Type: CNA, CVE-2013-1194
Source: CCN, Type: Cisco Security Notice, Cisco ASA Software VPN Group Enumeration Vulnerability
Source: CISCO, Type: Vendor Advisory, 20130417 Cisco ASA Software VPN Group Enumeration Vulnerability
Source: XF, Type: UNKNOWN, ciscoasa-cve20131194-info-disc(83673)
Source: CCN, Type: Packet Storm Security, [04-19-2013] Cisco IKE Implementation Group Name Enumeration
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable