ID CVE-2015-4550
Summary The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4\(1.1\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\(3\):*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-08-2023 - 18:54)
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 75269
cisco 20150616 Cisco Adaptive Security Appliance Encrypted IPSec or IKEv2 Packet Modification Vulnerability
sectrack 1032595
Last major update 11-08-2023 - 18:54
Published 17-06-2015 - 10:59
Last modified 11-08-2023 - 18:54