CVE-2012-0335

CVE Descriptions

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-287	Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	5		AV:N/AC:L/Au:N/C:P/I:N/A:N	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.21%	–	–
2022-03-27	–	–	1.21%	–	–
2022-04-03	–	–	1.21%	–	–
2022-05-08	–	–	1.21%	–	–
2022-08-28	–	–	1.21%	–	–
2023-02-26	–	–	1.21%	–	–
2023-03-12	–	–	–	0.34%	–
2023-08-13	–	–	–	0.34%	–
2024-02-11	–	–	–	0.34%	–
2024-02-18	–	–	–	0.34%	–
2024-06-02	–	–	–	0.34%	–
2024-07-14	–	–	–	0.34%	–
2024-08-04	–	–	–	0.34%	–
2024-08-11	–	–	–	0.34%	–
2024-12-22	–	–	–	0.34%	–
2025-01-19	–	–	–	0.34%	–
2025-03-18	–	–	–	–	0.42%
2025-03-30	–	–	–	–	0.42%
2025-03-30	–	–	–	–	0.42,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	41%
2022-03-27	42%
2022-04-03	64%
2022-05-08	65%
2022-08-28	66%
2023-02-26	67%
2023-03-12	67%
2023-08-13	68%
2024-02-11	7%
2024-02-18	71%
2024-06-02	71%
2024-07-14	72%
2024-08-04	71%
2024-08-11	72%
2024-12-22	71%
2025-01-19	71%
2025-03-18	6%
2025-03-30	59%
2025-03-30	59%

Products Mentioned

Configuraton 0

Cisco>>Adaptive_security_appliance_software >> Version 7.2

Cisco>>Adaptive_security_appliance_software >> Version 7.2 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(1\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(1\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(1.22\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(1.22\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.5\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.5\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.7\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.7\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.8\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.8\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.10\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.10\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.14\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.14\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.15\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.15\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.16\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.16\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.17\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.17\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.18\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.18\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.19\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.19\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.48\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(2.48\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(3\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(3\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(4\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(4\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(5\)

Cisco>>Adaptive_security_appliance_software >> Version 7.2\(5\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2.1

Cisco>>Adaptive_security_appliance_software >> Version 7.2.1 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2.2

Cisco>>Adaptive_security_appliance_software >> Version 7.2.2 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2.3

Cisco>>Adaptive_security_appliance_software >> Version 7.2.3 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2.4

Cisco>>Adaptive_security_appliance_software >> Version 7.2.4 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 7.2.5

Cisco>>Adaptive_security_appliance_software >> Version 7.2.5 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(1\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(1\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(2\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(2\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(3\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(3\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(3.9\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(3.9\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(4\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(4\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(4.1\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(4.1\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(4.4\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(4.4\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(5\)

Cisco>>Adaptive_security_appliance_software >> Version 8.2\(5\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2.1

Cisco>>Adaptive_security_appliance_software >> Version 8.2.1 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2.2

Cisco>>Adaptive_security_appliance_software >> Version 8.2.2 (Open CPE detail)
Cisco>>Adaptive_security_appliance_software >> Version 8.2.2 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2.2

Cisco>>Adaptive_security_appliance_software >> Version 8.2.2 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.2.3

Cisco>>Adaptive_security_appliance_software >> Version 8.2.3 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.3\(1\)

Cisco>>Adaptive_security_appliance_software >> Version 8.3\(1\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.3\(2\)

Cisco>>Adaptive_security_appliance_software >> Version 8.3\(2\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.3.1

Cisco>>Adaptive_security_appliance_software >> Version 8.3.1 (Open CPE detail)
Cisco>>Adaptive_security_appliance_software >> Version 8.3.1 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.3.1

Cisco>>Adaptive_security_appliance_software >> Version 8.3.1 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.3.2

Cisco>>Adaptive_security_appliance_software >> Version 8.3.2 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.4

Cisco>>Adaptive_security_appliance_software >> Version 8.4 (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(1\)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(1\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(1.11\)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(1.11\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(2\)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(2\) (Open CPE detail)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(2.11\)

Cisco>>Adaptive_security_appliance_software >> Version 8.4\(2.11\) (Open CPE detail)

Cisco>>5500_series_adaptive_security_appliance >> Version *

Cisco>>5500_series_adaptive_security_appliance >> Version - (Open CPE detail)
Cisco>>5500_series_adaptive_security_appliance >> Version 7.2 (Open CPE detail)

References

http://www.cisco.com/web/software/280775065/89203/ASA-843-Interim-Release-Notes.html
Tags : x_refsource_CONFIRM

http://www.securityfocus.com/bid/53558
Tags : vdb-entry, x_refsource_BID

http://secunia.com/advisories/49139
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securitytracker.com/id?1027008
Tags : vdb-entry, x_refsource_SECTRACK

CVE-2012-0335 : Detail