High
The vulnerability is due to insufficient verification of the identity of the Key Distribution Center (KDC) when a successful authentication response is received. An attacker could exploit this vulnerability by spoofing the KDC server response to the ASA device. This malicious response would not have been authenticated by the KDC. A successful attack could allow an attacker to bypass Kerberos authentication.
Authentication Bypass
Cisco
Cisco ASA Software with Kerberos authentication configured for VPN
Refer to the vendor's advisory for the list of affected products and upgrade patches.