The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.
AV:N/AC:L/Au:N/C:P/I:P/A:PCisco Content Services Switch 11500
HWCisco08.20.1.01
Related vulnerabilities
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engin...
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE)...
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows rem...
Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services swi...
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a...