This one isn’t a huge issue but can be a pain in the butt.
From Secunia:
Description:
A security issue has been reported in Cisco products, which can be exploited by malicious people to conduct spoofing attacks.
The problem is that the SSL/TLS certificates and SSH public keys presented by devices are not being validated. This can be exploited to conduct spoofing attacks and possibly gain knowledge of sensitive information.
The security issue reported in the following products:
* Cisco Security Monitoring, Analysis and Response System (CS-MARS) versions prior to 4.2.3.
* Cisco Adaptive Security Device Manager (ASDM) versions prior to 5.2.
[tags]Cisco, SSL, TLS, SSH Validation, Security Problem[/tags]