CVE-2014-3393: The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before…

medium4.3CVSS 3.1

AVNACMAuNCNIPAN

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.

Affected

103 ranges· showing 25

Vendor	Product	Version range	Fixed in
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—
cisco	adaptive_security_appliance_software	—	—

CVSS provenance

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N

vulncheck4.3MEDIUM