Lucene search

CiscoCVE-2014-3390

HistoryOct 10, 2014 - 10:55 a.m.

CVE-2014-3390

2014-10-1010:55:06

CWE-20

cisco

web.nvd.nist.gov

cisco

asa

software

vnmc

policy

implementation

local users

linux root access

bug ids

cscuq41510

cscuq47574

cve-2014-3390

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

26.9%

JSON

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.

Affected configurations

Nvd

Node

ciscoadaptive_security_appliance_softwareMatch8.7.8

ciscoadaptive_security_appliance_softwareMatch8.7.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.3

ciscoadaptive_security_appliance_softwareMatch8.7.1.4

ciscoadaptive_security_appliance_softwareMatch8.7.1.7

ciscoadaptive_security_appliance_softwareMatch8.7.1.11

ciscoadaptive_security_appliance_softwareMatch8.7.1.13

ciscoadaptive_security_appliance_softwareMatch9.2.1

ciscoadaptive_security_appliance_softwareMatch9.2.2

ciscoadaptive_security_appliance_softwareMatch9.2.2.4

ciscoadaptive_security_appliance_softwareMatch9.3.1

ciscoadaptive_security_appliance_softwareMatch9.3.1.1

VendorProductVersionCPE
ciscoadaptive_security_appliance_software8.7.8cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7.1cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7.1.3cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7.1.4cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7.1.7cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7.1.11cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software8.7.1.13cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.2.1cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.2.2cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.2.2.4cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	8.7.8	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:::::::*
cisco	adaptive_security_appliance_software	8.7.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:::::::*
cisco	adaptive_security_appliance_software	8.7.1.3	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:::::::*
cisco	adaptive_security_appliance_software	8.7.1.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:::::::*
cisco	adaptive_security_appliance_software	8.7.1.7	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:::::::*
cisco	adaptive_security_appliance_software	8.7.1.11	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:::::::*
cisco	adaptive_security_appliance_software	8.7.1.13	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:::::::*
cisco	adaptive_security_appliance_software	9.2.1	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:::::::*
cisco	adaptive_security_appliance_software	9.2.2	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:::::::*
cisco	adaptive_security_appliance_software	9.2.2.4	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:::::::*