Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa | Vendor Advisory |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa - Vendor Advisory |
15 Aug 2023, 15:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:* |
cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:* |
11 Aug 2023, 19:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:8.3\(1\):*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:* |
cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3\(1\):*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:* |
Information
Published : 2014-04-10 04:34
Updated : 2024-11-21 02:05
NVD link : CVE-2014-2127
Mitre link : CVE-2014-2127
CVE.ORG link : CVE-2014-2127
JSON object : View
Products Affected
cisco
- adaptive_security_appliance_software
CWE
CWE-20
Improper Input Validation