Vigil@nce - Cisco ASA: access to a Tunnel Group
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can bypass the Tunnel Group restriction
of Cisco ASA, in order to escalate his privileges.
– Impacted products: ASA
– Severity: 2/4
– Creation date: 17/02/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco ASA product can define VPN tunnel groups.
However, an authenticated attacker can forge a response containing
another group parameter, in order to be accepted into that group.
An authenticated attacker can therefore bypass the Tunnel Group
restriction of Cisco ASA, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ASA-access-to-a-Tunnel-Group-16205