CVE-2014-2127 - Improper Input Validation in Cisco Adaptive Security Appliance Software

Severity: 8.5 HIGH (NVD)
EPSS: 30.7% (top 3.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 10; latest update May 17

Description

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 6.8 | Impact: 10.0

Affected Packages (1)

Vulnerability Details (2)

GHSA: GHSA-9pjc-88j6-6ww4: Cisco Adaptive Security Appliance (ASA) Software 8 (2022-05-17)
CVEList: CVE-2014-2127: Cisco Adaptive Security Appliance (ASA) Software 8 (2014-04-10)

Exploits & PoCs (1)

Metasploit: Cisco ASA SSL VPN Privilege Escalation Vulnerability

Vendor Advisories (1)

Cisco: Multiple Vulnerabilities in Cisco ASA Software (2014-04-09)