CVE-2011-3298
CVE-2011-3298 is a high-severity vulnerability in Cisco Adaptive Security Appliance Software with a CVSS 2.0 base score of 7.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-287.
Key facts
- Severity: High (CVSS 2.0 base score 7.9)
- EPSS exploit prediction: 1% (54th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-287
- Affected product: Cisco Adaptive Security Appliance Software
- Published:
- Last modified:
Description
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.
Frequently asked questions
- What is CVE-2011-3298?
- Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.
- How severe is CVE-2011-3298?
- CVE-2011-3298 has a CVSS 2.0 base score of 7.9, rated high severity.
- Is CVE-2011-3298 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (54th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2011-3298?
- CVE-2011-3298 primarily affects Cisco Adaptive Security Appliance Software. In total, 141 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2011-3298?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2011-3298 published?
- CVE-2011-3298 was published on 2011-10-06 and last updated on 2026-06-16.
References
- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml
- http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70328
Affected products (141)
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(0\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(4\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(5.2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(6.7\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(7\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\(8\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8:interim:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(1.22\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.5\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.7\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.8\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.10\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.14\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.15\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.16\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.17\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.18\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.19\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(2.48\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(3\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(4\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2\(5\):*:*:*:*:*:*:*
More vulnerabilities in Cisco Adaptive Security Appliance Software
- CVE-2018-0101 — Critical (CVSS 10.0): A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA)…
- CVE-2013-5511 — Critical (CVSS 10.0): The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA)…
- CVE-2013-5509 — Critical (CVSS 10.0): The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2)…
- CVE-2007-2462 — Critical (CVSS 10.0): Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2…
- CVE-2025-20333 — Critical (CVSS 9.9): A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco…
- CVE-2024-20329 — Critical (CVSS 9.9): A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated,…
All CVEs affecting Cisco Adaptive Security Appliance Software →
Other CWE-287 (Improper Authentication) vulnerabilities
- CVE-2026-45480 — Critical (CVSS 10.0): Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-46389 — Critical (CVSS 10.0): UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS…
- CVE-2026-10611 — Critical (CVSS 10.0): An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement.…
- CVE-2026-47280 — Critical (CVSS 10.0): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-42822 — Critical (CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges…
- CVE-2026-20182 — Critical (CVSS 10.0): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and…
Browse all CWE-287 (Improper Authentication) vulnerabilities →