Details of VAR-201401-0361

ID

VAR-201401-0361

CVE

CVE-2014-0655

TITLE

Cisco Adaptive Security Appliance Software Identity Firewall Vulnerability to change the contents of the user cache in the function

Trust: 0.8

sources: JVNDB: JVNDB-2014-001013

DESCRIPTION

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. Successfully exploiting this issue will allow an attacker to perform replay attacks. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCuj45332

Trust: 1.98

sources: NVD: CVE-2014-0655 // JVNDB: JVNDB-2014-001013 // BID: 64700 // VULHUB: VHN-68148

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.1(.3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64700 // JVNDB: JVNDB-2014-001013 // CNNVD: CNNVD-201401-108 // NVD: CVE-2014-0655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0655
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0655
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-108
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68148
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0655
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68148
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68148 // JVNDB: JVNDB-2014-001013 // CNNVD: CNNVD-201401-108 // NVD: CVE-2014-0655

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-68148 // JVNDB: JVNDB-2014-001013 // NVD: CVE-2014-0655

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-108

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001013

PATCH

title:	Cisco Adaptive Security Appliance RADIUS Change of Authorization Message Replay Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0655	Trust: 0.8
title:	32362	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32362	Trust: 0.8

sources: JVNDB: JVNDB-2014-001013

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0655	Trust: 2.8
db:	BID	id:	64700	Trust: 1.4
db:	SECTRACK	id:	1029575	Trust: 1.1
db:	SECUNIA	id:	56366	Trust: 1.1
db:	OSVDB	id:	101838	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001013	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-108	Trust: 0.7
db:	CISCO	id:	20140107 CISCO ADAPTIVE SECURITY APPLIANCE RADIUS CHANGE OF AUTHORIZATION MESSAGE REPLAY VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-68148	Trust: 0.1

sources: VULHUB: VHN-68148 // BID: 64700 // JVNDB: JVNDB-2014-001013 // CNNVD: CNNVD-201401-108 // NVD: CVE-2014-0655

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0655	Trust: 2.0
url:	http://www.securityfocus.com/bid/64700	Trust: 1.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32362	Trust: 1.1
url:	http://osvdb.org/101838	Trust: 1.1
url:	http://www.securitytracker.com/id/1029575	Trust: 1.1
url:	http://secunia.com/advisories/56366	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90164	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0655	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0655	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps6120/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-68148 // BID: 64700 // JVNDB: JVNDB-2014-001013 // CNNVD: CNNVD-201401-108 // NVD: CVE-2014-0655

CREDITS

Cisco

Trust: 0.3

sources: BID: 64700

SOURCES

db:	VULHUB	id:	VHN-68148
db:	BID	id:	64700
db:	JVNDB	id:	JVNDB-2014-001013
db:	CNNVD	id:	CNNVD-201401-108
db:	NVD	id:	CVE-2014-0655

LAST UPDATE DATE

2024-11-23T22:39:03.680000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68148	date:	2017-08-29T00:00:00
db:	BID	id:	64700	date:	2014-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001013	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-108	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0655	date:	2024-11-21T02:02:35.893

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68148	date:	2014-01-08T00:00:00
db:	BID	id:	64700	date:	2014-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001013	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-108	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0655	date:	2014-01-08T21:55:06.333