CVE-2011-3298

high Cisco
CVSS v3 Base Score
7.9
AV:A/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
0.2%
Exploitation probability in 30 days
Top 64% most likely to be exploited
Attack Characteristics
Attack Vector
Adjacent
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: October 6, 2011 (5334 days ago)
Last Modified: April 29, 2026
Vendor: Cisco
Source: NVD

Description

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.

CWE

CWE-287

Affected Products

cisco adaptive security appliance softwarecisco 5500 series adaptive security appliancecisco asa 5500cisco firewall services module softwarecisco catalyst 6500cisco catalyst 7600

References

🔗 www.cisco.com 🔗 www.cisco.com 🔗 exchange.xforce.ibmcloud.com 🔗 www.cisco.com 🔗 www.cisco.com