CVE-2014-3392Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20Improper Input ValidationCWE-16CWE-287Improper AuthenticationCWE-362Race ConditionCWE-399CWE-78OS Command Injection4 documents4 sources
Severity
8.3HIGHNVD
EPSS
0.5%
top 34.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedOct 10
Latest updateMay 17

Description

The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136.

CVSS vector

AV:N/AC:M/C:P/I:P/A:CExploitability: 8.6 | Impact: 8.5

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g5mf-h4p3-45v3: The Clientless SSL VPN portal in Cisco ASA Software 82022-05-17
CVEList
CVE-2014-3392: The Clientless SSL VPN portal in Cisco ASA Software 82014-10-10

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco ASA Software2014-10-08
CVE-2014-3392 — Improper Input Validation in Cisco | cvebase