Lucene search
CiscoCVE-2014-8023HistoryFeb 17, 2015 - 1:59 a.m.
CVE-2014-8023
2015-02-1701:59:02
CWE-264
cisco
web.nvd.nist.gov
42
cisco
asa
software
security
tunnel group
authentication
bug id
csctz48533
cve-2014-8023
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
53.9%
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareRange≤9.2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | * | cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-8023
2015-02-17 01:00:00
openvas
openvas
cisco
cisco
Cisco ASA Challenge-Response Tunnel Group Selection Bypass Vulnerability
2015-02-16 19:55:11
prion
prion
Authentication flaw
2015-02-17 01:59:00
nvd
nvd
CVE-2014-8023
2015-02-17 01:59:02
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.002
Percentile
53.9%
Related for CVE-2014-8023