Vendor: Cisco ASA
By: Equation Group
CVSS: 9.8 (HIGH)
Authentication Bypass
CWE: 287
Product Name: Cisco ASA
Affected Version From: Cisco ASA 8.X
Affected Version To: Cisco ASA 8.X
Patch Exists: YES
Related CWE: Not sure
CPE: cisco:asa
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Cisco ASA 8.4.2
Year: 2016

Cisco ASA 8.X Authentication Bypass

The exploit allows an attacker to bypass authentication on Cisco ASA 8.X devices by exploiting a vulnerability in the SNMP service. The attacker needs to have access to the SNMP service and the SNMP read (public) string. The exploit was released by the Equation Group in 2016 and tested on Cisco ASA 8.4.2.

Mitigation:

Disable the SNMP service or restrict access to it, use strong passwords for SNMP strings, and use firewalls to restrict access to the SNMP service.

Exploit-DB raw data:

# Exploit Title: Cisco ASA 8.X Authentication Bypass
# Date: 17-08-2016
# Exploit Author: Equation Group
# Vendor Homepage: Cisco
# Software Link: Cisco
# Version: Cisco ASA 8.X
# Tested on: Cisco ASA 8.4.2
# CVE : Not sure

Requirements:
* SNMP read (public) string
* Access to SNMP service
* SSH port accessible


Full Exploit:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40258.zip