CVE-2014-0739 — Improper Authentication in Cisco Adaptive Security Appliance Software

CWE-287 — Improper Authentication CWE-362 — Race Condition4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 59.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedFeb 22

Latest updateMay 13

Description

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software9.1\(3\)

🔴Vulnerability Details

GHSA

GHSA-xhmg-fcjg-c5rx: Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9↗2022-05-13

▶

CVEList

CVE-2014-0739: Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9↗2014-02-22

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability↗2014-02-21

▶