CVE-2014-2151 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 45.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedJun 18

Latest updateMay 13

Description

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software8.4\(7.15\)

🔴Vulnerability Details

GHSA

GHSA-w9vr-w6m4-g679: The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8↗2022-05-13

▶

CVEList

CVE-2014-2151: The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8↗2014-06-18

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software WebVPN Information Disclosure Vulnerability↗2014-06-17

▶