ID
VAR-201401-0359
CVE
CVE-2014-0653
TITLE
Cisco Adaptive Security Appliance Software Identity Firewall Vulnerabilities that trigger changes in authentication status in functions
Trust: 0.8
DESCRIPTION
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. Successfully exploiting this issue will allow an attacker to perform certain unauthorized actions. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCuj45340. A remote attacker could exploit this vulnerability to affect the current authorized user's access
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | adaptive security appliance | scope: | - | version: | - | Trust: 1.4 |
| vendor: | cisco | model: | adaptive security appliance | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | cisco | model: | adaptive security appliance software | scope: | lte | version: | 9.1(.3) | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Cisco Adaptive Security Appliance Identity Firewall NetBIOS Logout Probe Auth State Change Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0653 | Trust: 0.8 |
| title: | 32363 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=32363 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-0653 | Trust: 2.8 |
| db: | BID | id: | 64708 | Trust: 1.4 |
| db: | OSVDB | id: | 101834 | Trust: 1.1 |
| db: | SECTRACK | id: | 1029570 | Trust: 1.1 |
| db: | SECUNIA | id: | 56366 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2014-001011 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201401-106 | Trust: 0.7 |
| db: | CISCO | id: | 20140107 CISCO ADAPTIVE SECURITY APPLIANCE IDENTITY FIREWALL NETBIOS LOGOUT PROBE AUTH STATE CHANGE VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-68146 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0653 | Trust: 1.7 |
| url: | http://www.securityfocus.com/bid/64708 | Trust: 1.1 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=32363 | Trust: 1.1 |
| url: | http://osvdb.org/101834 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1029570 | Trust: 1.1 |
| url: | http://secunia.com/advisories/56366 | Trust: 1.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/90165 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0653 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0653 | Trust: 0.8 |
| url: | http://www.cisco.com/en/us/products/ps6120/index.html | Trust: 0.3 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-68146 |
| db: | BID | id: | 64708 |
| db: | JVNDB | id: | JVNDB-2014-001011 |
| db: | CNNVD | id: | CNNVD-201401-106 |
| db: | NVD | id: | CVE-2014-0653 |
LAST UPDATE DATE
2024-11-23T22:39:03.710000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-68146 | date: | 2017-08-29T00:00:00 |
| db: | BID | id: | 64708 | date: | 2014-01-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-001011 | date: | 2014-01-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-106 | date: | 2014-01-09T00:00:00 |
| db: | NVD | id: | CVE-2014-0653 | date: | 2024-11-21T02:02:35.630 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-68146 | date: | 2014-01-08T00:00:00 |
| db: | BID | id: | 64708 | date: | 2014-01-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-001011 | date: | 2014-01-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-106 | date: | 2014-01-09T00:00:00 |
| db: | NVD | id: | CVE-2014-0653 | date: | 2014-01-08T21:55:06.270 |