Lucene search
HistoryOct 10, 2014 - 10:55 a.m.
CVE-2014-3393
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
High
EPSS
0.002
Percentile
51.7%
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch8.2
ORciscoadaptive_security_appliance_softwareMatch8.2.0.45
ORciscoadaptive_security_appliance_softwareMatch8.2.1
ORciscoadaptive_security_appliance_softwareMatch8.2.1.1
ORciscoadaptive_security_appliance_softwareMatch8.2.2
ORciscoadaptive_security_appliance_softwareMatch8.2.2.10
ORciscoadaptive_security_appliance_softwareMatch8.2.2.12
ORciscoadaptive_security_appliance_softwareMatch8.2.2.16
ORciscoadaptive_security_appliance_softwareMatch8.2.2.17
ORciscoadaptive_security_appliance_softwareMatch8.2.3
ORciscoadaptive_security_appliance_softwareMatch8.2.4
ORciscoadaptive_security_appliance_softwareMatch8.2.4.1
ORciscoadaptive_security_appliance_softwareMatch8.2.4.4
ORciscoadaptive_security_appliance_softwareMatch8.2.5
ORciscoadaptive_security_appliance_softwareMatch8.2.5.13
ORciscoadaptive_security_appliance_softwareMatch8.2.5.22
ORciscoadaptive_security_appliance_softwareMatch8.2.5.26
ORciscoadaptive_security_appliance_softwareMatch8.2.5.33
ORciscoadaptive_security_appliance_softwareMatch8.2.5.40
ORciscoadaptive_security_appliance_softwareMatch8.2.5.41
ORciscoadaptive_security_appliance_softwareMatch8.2.5.46
ORciscoadaptive_security_appliance_softwareMatch8.2.5.48
ORciscoadaptive_security_appliance_softwareMatch8.2.5.50
ORciscoadaptive_security_appliance_softwareMatch8.3
ORciscoadaptive_security_appliance_softwareMatch8.3.1
ORciscoadaptive_security_appliance_softwareMatch8.3.1.1
ORciscoadaptive_security_appliance_softwareMatch8.3.1.4
ORciscoadaptive_security_appliance_softwareMatch8.3.1.6
ORciscoadaptive_security_appliance_softwareMatch8.3.2
ORciscoadaptive_security_appliance_softwareMatch8.3.2.4
ORciscoadaptive_security_appliance_softwareMatch8.3.2.13
ORciscoadaptive_security_appliance_softwareMatch8.3.2.23
ORciscoadaptive_security_appliance_softwareMatch8.3.2.25
ORciscoadaptive_security_appliance_softwareMatch8.3.2.31
ORciscoadaptive_security_appliance_softwareMatch8.3.2.33
ORciscoadaptive_security_appliance_softwareMatch8.3.2.34
ORciscoadaptive_security_appliance_softwareMatch8.3.2.37
ORciscoadaptive_security_appliance_softwareMatch8.3.2.39
ORciscoadaptive_security_appliance_softwareMatch8.3.2.40
ORciscoadaptive_security_appliance_softwareMatch8.3.2.41
ORciscoadaptive_security_appliance_softwareMatch8.4
ORciscoadaptive_security_appliance_softwareMatch8.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.1.3
ORciscoadaptive_security_appliance_softwareMatch8.4.1.11
ORciscoadaptive_security_appliance_softwareMatch8.4.2
ORciscoadaptive_security_appliance_softwareMatch8.4.2.1
ORciscoadaptive_security_appliance_softwareMatch8.4.2.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.3.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3.9
ORciscoadaptive_security_appliance_softwareMatch8.4.4
ORciscoadaptive_security_appliance_softwareMatch8.4.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.4.9
ORciscoadaptive_security_appliance_softwareMatch8.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.5.6
ORciscoadaptive_security_appliance_softwareMatch8.4.6
ORciscoadaptive_security_appliance_softwareMatch8.4.7
ORciscoadaptive_security_appliance_softwareMatch8.4.7.3
ORciscoadaptive_security_appliance_softwareMatch8.4.7.15
ORciscoadaptive_security_appliance_softwareMatch8.4.7.22
ORciscoadaptive_security_appliance_softwareMatch8.6
ORciscoadaptive_security_appliance_softwareMatch8.6.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1.2
ORciscoadaptive_security_appliance_softwareMatch8.6.1.5
ORciscoadaptive_security_appliance_softwareMatch8.6.1.10
ORciscoadaptive_security_appliance_softwareMatch8.6.1.12
ORciscoadaptive_security_appliance_softwareMatch8.6.1.13
ORciscoadaptive_security_appliance_softwareMatch8.6.1.14
ORciscoadaptive_security_appliance_softwareMatch9.0
ORciscoadaptive_security_appliance_softwareMatch9.0.1
ORciscoadaptive_security_appliance_softwareMatch9.0.2
ORciscoadaptive_security_appliance_softwareMatch9.0.2.10
ORciscoadaptive_security_appliance_softwareMatch9.0.3
ORciscoadaptive_security_appliance_softwareMatch9.0.3.6
ORciscoadaptive_security_appliance_softwareMatch9.0.3.8
ORciscoadaptive_security_appliance_softwareMatch9.0.4
ORciscoadaptive_security_appliance_softwareMatch9.0.4.1
ORciscoadaptive_security_appliance_softwareMatch9.0.4.5
ORciscoadaptive_security_appliance_softwareMatch9.0.4.7
ORciscoadaptive_security_appliance_softwareMatch9.0.4.17
ORciscoadaptive_security_appliance_softwareMatch9.0.4.20
ORciscoadaptive_security_appliance_softwareMatch9.0.4.24
ORciscoadaptive_security_appliance_softwareMatch9.1
ORciscoadaptive_security_appliance_softwareMatch9.1.1
ORciscoadaptive_security_appliance_softwareMatch9.1.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.2
ORciscoadaptive_security_appliance_softwareMatch9.1.2.8
ORciscoadaptive_security_appliance_softwareMatch9.1.3
ORciscoadaptive_security_appliance_softwareMatch9.1.3.2
ORciscoadaptive_security_appliance_softwareMatch9.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.5
ORciscoadaptive_security_appliance_softwareMatch9.1.5.10
ORciscoadaptive_security_appliance_softwareMatch9.1.5.12
ORciscoadaptive_security_appliance_softwareMatch9.1.5.15
ORciscoadaptive_security_appliance_softwareMatch9.2.0
ORciscoadaptive_security_appliance_softwareMatch9.2.1
ORciscoadaptive_security_appliance_softwareMatch9.2.2
ORciscoadaptive_security_appliance_softwareMatch9.2.2.4
ORciscoadaptive_security_appliance_softwareMatch9.2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 8.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.0.45 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.1.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.10 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.12 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.16 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2.17 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-3393
2014-10-10 10:00:00
thn
thn
Hackers Backdooring Cisco WebVPN To Steal Customersβ Passwords
2015-10-08 20:53:00
fireeye
fireeye
99 Problems but Two-Factor Ainβt One
2016-03-23 08:00:00
cisco
cisco
Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability
2014-10-08 16:22:26
Multiple Vulnerabilities in Cisco ASA Software
2014-10-08 16:00:00
prion
prion
Authentication flaw
2014-10-10 10:55:00
threatpost
threatpost
DHS Urges Vigilance in Protecting Networking Gear
2016-09-08 11:09:20
openvas
openvas
cve
cve
CVE-2014-3393
2014-10-10 10:55:06
securityvulns
securityvulns
Cisco ASA multiple DoS vulnerabilities
2014-10-13 00:00:00
Cisco ASA multiple security vulnerabilities
2015-07-14 00:00:00
nessus
nessus
Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20141008-asa)
2014-10-10 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
High
EPSS
0.002
Percentile
51.7%
Related for NVD:CVE-2014-3393