CVE-2014-3264 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.3MEDIUMNVD

EPSS

0.3%

top 47.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software

Timeline

PublishedMay 20

Latest updateMay 17

Description

Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 6.8 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_software9.1\(5\)

🔴Vulnerability Details

GHSA

GHSA-767v-w2p6-p2g2: Cisco Adaptive Security Appliance (ASA) Software 9↗2022-05-17

▶

CVEList

CVE-2014-3264: Cisco Adaptive Security Appliance (ASA) Software 9↗2014-05-20

▶

📋Vendor Advisories

Cisco

Cisco Adaptive Security Appliance Software Crafter RADIUS Packets Denial of Service Vulnerability↗2014-05-19

▶

💬Community

Bugzilla

CVE-2014-9449 exiv2: buffer overflow in RiffVideo::infoTagsHandler↗2015-01-05

▶