Lucene search

[email protected]NVD:CVE-2014-2195

HistoryMay 20, 2014 - 11:13 a.m.

CVE-2014-2195

2014-05-2011:13:37

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

Affected configurations

Nvd

Node

ciscoasyncosMatch-

AND

ciscocontent_security_management_applianceMatch-

ciscoemail_security_appliance_firmwareMatch-

VendorProductVersionCPE
ciscoasyncos-cpe:2.3:o:cisco:asyncos:-:*:*:*:*:*:*:*
ciscocontent_security_management_appliance-cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_firmware-cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	asyncos	-	cpe:2.3:o:cisco:asyncos:-:::::::*
cisco	content_security_management_appliance	-	cpe:2.3:h:cisco:content_security_management_appliance:-:::::::*
cisco	email_security_appliance_firmware	-	cpe:2.3:o:cisco:email_security_appliance_firmware:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195

www.securitytracker.com/id/1030258

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

56.2%

JSON

Related for NVD:CVE-2014-2195

cve1 cvelist1 prion1