The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa | Vendor Advisory |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa - Vendor Advisory |
15 Aug 2023, 14:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:* |
cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:* |
11 Aug 2023, 18:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:* cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:* |
cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:* cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:* |
Information
Published : 2014-10-10 10:55
Updated : 2024-11-21 02:07
NVD link : CVE-2014-3390
Mitre link : CVE-2014-3390
CVE.ORG link : CVE-2014-3390
JSON object : View
Products Affected
cisco
- adaptive_security_appliance_software
CWE
CWE-20
Improper Input Validation