Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 8.5
CVE Id CVE-2014-2127
Last Modified 10 Apr 2014 02:09:34
Published 10 Apr 2014 12:34:50
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2127

Summary

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.

Vulnerable Systems

Application

  • Cisco Adaptive Security Appliance Software 8.0

  • Cisco Adaptive Security Appliance Software 8.1

  • Cisco Adaptive Security Appliance Software 8.2

  • Cisco Adaptive Security Appliance Software 8.3(1)

  • Cisco Adaptive Security Appliance Software 8.4

  • Cisco Adaptive Security Appliance Software 8.6

  • Cisco Adaptive Security Appliance Software 9.0

  • Cisco Adaptive Security Appliance Software 9.1


References

CISCO - 20140409 Multiple Vulnerabilities in Cisco ASA Software


Last Updated: 27 May 2016 11:04:52