Sign-up

ID

VAR-201402-0220


CVE

CVE-2014-0738


TITLE

Cisco Adaptive Security Appliance Software Phone Proxy Vulnerabilities that bypass authentication in components

Trust: 0.8

sources: JVNDB: JVNDB-2014-001456

DESCRIPTION

The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770. Successfully exploiting this issue will allow an attacker to perform certain unauthorized actions. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCuj66770

Trust: 1.98

sources: NVD: CVE-2014-0738 // JVNDB: JVNDB-2014-001456 // BID: 65708 // VULHUB: VHN-68231

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:9.1(.3)

Trust: 0.8

sources: JVNDB: JVNDB-2014-001456 // CNNVD: CNNVD-201402-323 // NVD: CVE-2014-0738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0738
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0738
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68231
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0738
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68231
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68231 // JVNDB: JVNDB-2014-001456 // CNNVD: CNNVD-201402-323 // NVD: CVE-2014-0738

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-68231 // JVNDB: JVNDB-2014-001456 // NVD: CVE-2014-0738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-323

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-323

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001456

PATCH
title:Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0738
Trust: 0.8
title:32956url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32956
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001456

EXTERNAL IDS
db:NVDid:CVE-2014-0738
Trust: 2.8
db:JVNDBid:JVNDB-2014-001456
Trust: 0.8
db:CNNVDid:CNNVD-201402-323
Trust: 0.7
db:CISCOid:20140220 CISCO ADAPTIVE SECURITY APPLIANCE PHONE PROXY CTL AUTHENTICATION VULNERABILITY
Trust: 0.6
db:BIDid:65708
Trust: 0.4
db:VULHUBid:VHN-68231
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68231 // 
            
            
            
            BID: 65708 // 
            
            
            
            JVNDB: JVNDB-2014-001456 // 
            
            
            
            CNNVD: CNNVD-201402-323 // 
            
            
            
            NVD: CVE-2014-0738

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0738
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32956
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0738
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0738
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps6120/index.html
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68231 // 
            
            
            
            BID: 65708 // 
            
            
            
            JVNDB: JVNDB-2014-001456 // 
            
            
            
            CNNVD: CNNVD-201402-323 // 
            
            
            
            NVD: CVE-2014-0738

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 65708

SOURCES
db:VULHUBid:VHN-68231
db:BIDid:65708
db:JVNDBid:JVNDB-2014-001456
db:CNNVDid:CNNVD-201402-323
db:NVDid:CVE-2014-0738

LAST UPDATE DATE
2024-11-23T22:52:53.437000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68231date:2016-09-09T00:00:00
db:BIDid:65708date:2014-02-25T01:02:00
db:JVNDBid:JVNDB-2014-001456date:2014-02-25T00:00:00
db:CNNVDid:CNNVD-201402-323date:2014-02-26T00:00:00
db:NVDid:CVE-2014-0738date:2024-11-21T02:02:43.157

SOURCES RELEASE DATE
db:VULHUBid:VHN-68231date:2014-02-22T00:00:00
db:BIDid:65708date:2014-02-20T00:00:00
db:JVNDBid:JVNDB-2014-001456date:2014-02-25T00:00:00
db:CNNVDid:CNNVD-201402-323date:2014-02-26T00:00:00
db:NVDid:CVE-2014-0738date:2014-02-22T21:55:09.717