CVE-2014-2127

2014-04-1004:34:50

CWE-20

cisco

web.nvd.nist.gov

cisco

asa

software

ssl vpn

privilege escalation

cve-2014-2127

vulnerability

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.7

Confidence

High

EPSS

0.006

Percentile

77.8%

JSON

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.

Affected configurations

Nvd

Node

ciscoadaptive_security_appliance_softwareMatch8.0

ciscoadaptive_security_appliance_softwareMatch8.1

ciscoadaptive_security_appliance_softwareMatch8.2

ciscoadaptive_security_appliance_softwareMatch8.3\(1\)

ciscoadaptive_security_appliance_softwareMatch8.4

ciscoadaptive_security_appliance_softwareMatch8.6

ciscoadaptive_security_appliance_softwareMatch9.0

ciscoadaptive_security_appliance_softwareMatch9.1

VendorProductVersionCPE
ciscoadaptive_security_appliance_software8.0cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.2cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.3(1)cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3\(1\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.6cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.0cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	8.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:::::::*
cisco	adaptive_security_appliance_software	8.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:::::::*
cisco	adaptive_security_appliance_software	8.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:::::::*
cisco	adaptive_security_appliance_software	8.3(1)	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3\(1\):::::::*
cisco	adaptive_security_appliance_software	8.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:::::::*
cisco	adaptive_security_appliance_software	8.6	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:::::::*
cisco	adaptive_security_appliance_software	9.0	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:::::::*
cisco	adaptive_security_appliance_software	9.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:::::::*