CVE-2014-3391Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20Improper Input ValidationCWE-16CWE-287Improper AuthenticationCWE-362Race ConditionCWE-399CWE-78OS Command Injection5 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 73.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedOct 10
Latest updateMay 17

Description

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5j63-5mwr-m2vp: Untrusted search path vulnerability in Cisco ASA Software 82022-05-17
CVEList
CVE-2014-3391: Untrusted search path vulnerability in Cisco ASA Software 82014-10-10

📋Vendor Advisories

2
Cisco
Cisco ASA Local Path Inclusion Vulnerability2014-10-08
Cisco
Multiple Vulnerabilities in Cisco ASA Software2014-10-08
CVE-2014-3391 — Improper Input Validation in Cisco | cvebase