Lucene search

CiscoCISCO-SA-20141008-CVE-2014-3394

HistoryOct 08, 2014 - 4:11 p.m.

Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability

2014-10-0816:11:53

tools.cisco.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.002

Percentile

56.5%

JSON

A vulnerability in the
Smart Call Home (SCH) feature of Cisco ASA Software could allow an
unauthenticated, remote attacker to bypass digital certificate validation if any feature that uses digital certificates is configured on the affected system.

The
vulnerability exists because when SCH is configured, a
trustpoint, including a VeriSign certificate, is automatically installed. An attacker could exploit this vulnerability by presenting a valid
certificate signed by VeriSign when authenticating to the affected
system. An exploit could allow the attacker, for example, to bypass digital
certificate authentication when used by a given feature. Examples of
features that could be configured to use digital certificates validation include
VPN and Adaptive Security Device Management (ASDM) authentication, TLS Proxy, and Phone Proxy.

Cisco has confirmed the vulnerability in a security advisory and released software updates.

To exploit this vulnerability, an attacker may need to obtain additional information about the targeted device, such as whether the SCH feature is configured or has been configured on the system. However, this vulnerability still cannot be exploited unless there is another feature configured that relies on digital certificate validation services.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners

Node

ciscoadaptive_security_appliance_softwareMatch8.2

ciscoadaptive_security_appliance_softwareMatch8.6

ciscoadaptive_security_appliance_softwareMatch8.7

ciscoadaptive_security_appliance_softwareMatch9.0

ciscoadaptive_security_appliance_softwareMatch9.1

ciscoadaptive_security_appliance_softwareMatch8.2.0.45

ciscoadaptive_security_appliance_softwareMatch8.2.1

ciscoadaptive_security_appliance_softwareMatch8.2.2

ciscoadaptive_security_appliance_softwareMatch8.2.2.10

ciscoadaptive_security_appliance_softwareMatch8.2.3

ciscoadaptive_security_appliance_softwareMatch8.2.4

ciscoadaptive_security_appliance_softwareMatch8.2.1.11

ciscoadaptive_security_appliance_softwareMatch8.2.2.9

ciscoadaptive_security_appliance_softwareMatch8.2.2.12

ciscoadaptive_security_appliance_softwareMatch8.2.2.16

ciscoadaptive_security_appliance_softwareMatch8.2.4.1

ciscoadaptive_security_appliance_softwareMatch8.2.4.4

ciscoadaptive_security_appliance_softwareMatch8.2.5

ciscoadaptive_security_appliance_softwareMatch8.2.5.13

ciscoadaptive_security_appliance_softwareMatch8.2.5.22

ciscoadaptive_security_appliance_softwareMatch8.2.5.26

ciscoadaptive_security_appliance_softwareMatch8.2.2.17

ciscoadaptive_security_appliance_softwareMatch8.2.5.33

ciscoadaptive_security_appliance_softwareMatch8.2.5.40

ciscoadaptive_security_appliance_softwareMatch8.2.5.41

ciscoadaptive_security_appliance_softwareMatch8.2.5.46

ciscoadaptive_security_appliance_softwareMatch8.2.5.48

ciscoadaptive_security_appliance_softwareMatch8.6.1.1

ciscoadaptive_security_appliance_softwareMatch8.6.1

ciscoadaptive_security_appliance_softwareMatch8.6.1.2

ciscoadaptive_security_appliance_softwareMatch8.6.1.5

ciscoadaptive_security_appliance_softwareMatch8.6.1.10

ciscoadaptive_security_appliance_softwareMatch8.6.1.12

ciscoadaptive_security_appliance_softwareMatch8.6.1.13

ciscoadaptive_security_appliance_softwareMatch8.7.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.3

ciscoadaptive_security_appliance_softwareMatch8.7.1.4

ciscoadaptive_security_appliance_softwareMatch8.7.1.7

ciscoadaptive_security_appliance_softwareMatch8.7.1.8

ciscoadaptive_security_appliance_softwareMatch8.7.1.11

ciscoadaptive_security_appliance_softwareMatch9.0.1

ciscoadaptive_security_appliance_softwareMatch9.0.2

ciscoadaptive_security_appliance_softwareMatch9.0.2.10

ciscoadaptive_security_appliance_softwareMatch9.0.3

ciscoadaptive_security_appliance_softwareMatch9.0.3.6

ciscoadaptive_security_appliance_softwareMatch9.0.3.8

ciscoadaptive_security_appliance_softwareMatch9.0.4

ciscoadaptive_security_appliance_softwareMatch9.0.4.1

ciscoadaptive_security_appliance_softwareMatch9.0.4.5

ciscoadaptive_security_appliance_softwareMatch9.0.4.7

ciscoadaptive_security_appliance_softwareMatch9.1.1

ciscoadaptive_security_appliance_softwareMatch9.1.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.2

ciscoadaptive_security_appliance_softwareMatch9.1.3

ciscoadaptive_security_appliance_softwareMatch9.1.2.8

ciscoadaptive_security_appliance_softwareMatch9.1.3.2

ciscoadaptive_security_appliance_softwareMatch9.1.4

ciscoadaptive_security_appliance_softwareMatch9.1.4.5

ciscoadaptive_security_appliance_softwareMatch9.1.5

VendorProductVersionCPE
ciscoadaptive_security_appliance_software8.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.6cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.0.45cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.2.10cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	8.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:::::::*
cisco	adaptive_security_appliance_software	8.6	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:::::::*
cisco	adaptive_security_appliance_software	8.7	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7:::::::*
cisco	adaptive_security_appliance_software	9.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:::::::*
cisco	adaptive_security_appliance_software	9.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:::::::*
cisco	adaptive_security_appliance_software	8.2.0.45	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:::::::*
cisco	adaptive_security_appliance_software	8.2.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:::::::*
cisco	adaptive_security_appliance_software	8.2.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:::::::*
cisco	adaptive_security_appliance_software	8.2.2.10	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:::::::*
cisco	adaptive_security_appliance_software	8.2.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:::::::*