Certificate Validation Bypass in Cisco ASA Software

Certificate Validation Bypass in Cisco ASA Software

CVE-2014-3394 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.

Learn more about our Cis Benchmark Audit For Cisco.