CVE-2014-3394Improper Certificate Validation in Cisco Adaptive Security Appliance Software

CWE-295Improper Certificate ValidationCWE-16CWE-20Improper Input ValidationCWE-287Improper AuthenticationCWE-362Race ConditionCWE-399CWE-78OS Command InjectionCWE-99Resource Injection6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 74.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Adaptive Security Appliance Software
Timeline
PublishedOct 10
Latest updateMay 17

Description

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2p88-v9r5-p4mp: The Smart Call Home (SCH) implementation in Cisco ASA Software 82022-05-17
CVEList
CVE-2014-3394: The Smart Call Home (SCH) implementation in Cisco ASA Software 82014-10-10

📋Vendor Advisories

2
Cisco
Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability2014-10-08
Cisco
Multiple Vulnerabilities in Cisco ASA Software2014-10-08
CVE-2014-3394 — Improper Certificate Validation | cvebase