Lucene search
HistoryOct 10, 2014 - 10:55 a.m.
CVE-2014-3391
CVSS2
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
26.9%
Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch8.7.8
ORciscoadaptive_security_appliance_softwareMatch8.2.0.45
ORciscoadaptive_security_appliance_softwareMatch8.2.1
ORciscoadaptive_security_appliance_softwareMatch8.2.1.1
ORciscoadaptive_security_appliance_softwareMatch8.2.2
ORciscoadaptive_security_appliance_softwareMatch8.2.2.10
ORciscoadaptive_security_appliance_softwareMatch8.2.2.12
ORciscoadaptive_security_appliance_softwareMatch8.2.2.16
ORciscoadaptive_security_appliance_softwareMatch8.2.2.17
ORciscoadaptive_security_appliance_softwareMatch8.2.3
ORciscoadaptive_security_appliance_softwareMatch8.2.4
ORciscoadaptive_security_appliance_softwareMatch8.2.4.1
ORciscoadaptive_security_appliance_softwareMatch8.2.4.4
ORciscoadaptive_security_appliance_softwareMatch8.2.5
ORciscoadaptive_security_appliance_softwareMatch8.2.5.13
ORciscoadaptive_security_appliance_softwareMatch8.2.5.22
ORciscoadaptive_security_appliance_softwareMatch8.2.5.26
ORciscoadaptive_security_appliance_softwareMatch8.2.5.33
ORciscoadaptive_security_appliance_softwareMatch8.2.5.40
ORciscoadaptive_security_appliance_softwareMatch8.2.5.41
ORciscoadaptive_security_appliance_softwareMatch8.2.5.46
ORciscoadaptive_security_appliance_softwareMatch8.2.5.48
ORciscoadaptive_security_appliance_softwareMatch8.2.5.50
ORciscoadaptive_security_appliance_softwareMatch8.3.1
ORciscoadaptive_security_appliance_softwareMatch8.3.1.1
ORciscoadaptive_security_appliance_softwareMatch8.3.1.4
ORciscoadaptive_security_appliance_softwareMatch8.3.1.6
ORciscoadaptive_security_appliance_softwareMatch8.3.2
ORciscoadaptive_security_appliance_softwareMatch8.3.2.4
ORciscoadaptive_security_appliance_softwareMatch8.3.2.13
ORciscoadaptive_security_appliance_softwareMatch8.3.2.23
ORciscoadaptive_security_appliance_softwareMatch8.3.2.25
ORciscoadaptive_security_appliance_softwareMatch8.3.2.31
ORciscoadaptive_security_appliance_softwareMatch8.3.2.33
ORciscoadaptive_security_appliance_softwareMatch8.3.2.34
ORciscoadaptive_security_appliance_softwareMatch8.3.2.37
ORciscoadaptive_security_appliance_softwareMatch8.3.2.39
ORciscoadaptive_security_appliance_softwareMatch8.3.2.40
ORciscoadaptive_security_appliance_softwareMatch8.3.2.41
ORciscoadaptive_security_appliance_softwareMatch8.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.1.3
ORciscoadaptive_security_appliance_softwareMatch8.4.1.11
ORciscoadaptive_security_appliance_softwareMatch8.4.2
ORciscoadaptive_security_appliance_softwareMatch8.4.2.1
ORciscoadaptive_security_appliance_softwareMatch8.4.2.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.3.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3.9
ORciscoadaptive_security_appliance_softwareMatch8.4.4
ORciscoadaptive_security_appliance_softwareMatch8.4.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.4.9
ORciscoadaptive_security_appliance_softwareMatch8.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.5.6
ORciscoadaptive_security_appliance_softwareMatch8.4.6
ORciscoadaptive_security_appliance_softwareMatch8.4.7
ORciscoadaptive_security_appliance_softwareMatch8.4.7.3
ORciscoadaptive_security_appliance_softwareMatch8.4.7.15
ORciscoadaptive_security_appliance_softwareMatch8.4.7.22
ORciscoadaptive_security_appliance_softwareMatch8.7.1
ORciscoadaptive_security_appliance_softwareMatch8.7.1.3
ORciscoadaptive_security_appliance_softwareMatch8.7.1.4
ORciscoadaptive_security_appliance_softwareMatch8.7.1.7
ORciscoadaptive_security_appliance_softwareMatch8.7.1.11
ORciscoadaptive_security_appliance_softwareMatch8.7.1.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 8.7.8 | cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.0.45 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.1.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.10 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.12 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.16 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.17 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-3391
2014-10-10 10:00:00
openvas
openvas
Cisco ASA Local Path Inclusion Vulnerability (cisco-sa-20141008-asa)
2015-03-13 00:00:00
cisco
cisco
Cisco ASA Local Path Inclusion Vulnerability
2014-10-08 16:09:54
Multiple Vulnerabilities in Cisco ASA Software
2014-10-08 16:00:00
prion
prion
Design/Logic Flaw
2014-10-10 10:55:00
cve
cve
CVE-2014-3391
2014-10-10 10:55:06
securityvulns
securityvulns
Cisco ASA multiple DoS vulnerabilities
2014-10-13 00:00:00
Cisco ASA multiple security vulnerabilities
2015-07-14 00:00:00
nessus
nessus
Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20141008-asa)
2014-10-10 00:00:00
CVSS2
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
26.9%
Related for NVD:CVE-2014-3391