ID

VAR-201402-0221


CVE

CVE-2014-0739


TITLE

Vulnerability in the Phone Proxy component of Cisco Adaptive Security Appliance Software that bypasses sec_db authentication

Trust: 0.8

sources: JVNDB: JVNDB-2014-001457

DESCRIPTION

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766. Cisco Adaptive Security Appliance (ASA) is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and pass traffic from an untrusted phone through the ASA. This issue is tracked as Cisco Bug ID CSCuj66766.

Trust: 1.98

sources: NVD: CVE-2014-0739 // JVNDB: JVNDB-2014-001457 // BID: 65707 // VULHUB: VHN-68232

AFFECTED PRODUCTS

vendor: cisco, model: adaptive security appliance software, scope: eq, version: 9.1(3)

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lte, version: 9.1(.3)

Trust: 0.8

vendor: cisco, model: adaptive security appliance software, scope: eq, version: 9.1(.3)

Trust: 0.6

sources: JVNDB: JVNDB-2014-001457 // CNNVD: CNNVD-201402-324 // NVD: CVE-2014-0739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0739
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0739
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201402-324
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68232
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0739
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68232
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68232 // JVNDB: JVNDB-2014-001457 // CNNVD: CNNVD-201402-324 // NVD: CVE-2014-0739

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-68232 // JVNDB: JVNDB-2014-001457 // NVD: CVE-2014-0739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-324

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001457

PATCH

title: Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739

Trust: 0.8

title: 32955, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32955

Trust: 0.8

sources: JVNDB: JVNDB-2014-001457

EXTERNAL IDS

db: NVD, id: CVE-2014-0739

Trust: 2.8

db: JVNDB, id: JVNDB-2014-001457

Trust: 0.8

db: CNNVD, id: CNNVD-201402-324

Trust: 0.7

db: BID, id: 65707

Trust: 0.4

db: VULHUB, id: VHN-68232

Trust: 0.1

sources: VULHUB: VHN-68232 // BID: 65707 // JVNDB: JVNDB-2014-001457 // CNNVD: CNNVD-201402-324 // NVD: CVE-2014-0739

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0739

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=32955

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0739

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0739

Trust: 0.8

url:http://www.cisco.com/en/us/products/ps6120/index.html

Trust: 0.3

sources: VULHUB: VHN-68232 // BID: 65707 // JVNDB: JVNDB-2014-001457 // CNNVD: CNNVD-201402-324 // NVD: CVE-2014-0739

CREDITS

Cisco

Trust: 0.3

sources: BID: 65707

SOURCES

db: VULHUB, id: VHN-68232
db: BID, id: 65707
db: JVNDB, id: JVNDB-2014-001457
db: CNNVD, id: CNNVD-201402-324
db: NVD, id: CVE-2014-0739

LAST UPDATE DATE

2024-11-23T23:09:54.171000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-68232, date: 2019-12-11T00:00:00
db: BID, id: 65707, date: 2014-02-25T01:12:00
db: JVNDB, id: JVNDB-2014-001457, date: 2014-02-25T00:00:00
db: CNNVD, id: CNNVD-201402-324, date: 2019-12-12T00:00:00
db: NVD, id: CVE-2014-0739, date: 2024-11-21T02:02:43.260

SOURCES RELEASE DATE

db: VULHUB, id: VHN-68232, date: 2014-02-22T00:00:00
db: BID, id: 65707, date: 2014-02-20T00:00:00
db: JVNDB, id: JVNDB-2014-001457, date: 2014-02-25T00:00:00
db: CNNVD, id: CNNVD-201402-324, date: 2014-02-26T00:00:00
db: NVD, id: CVE-2014-0739, date: 2014-02-22T21:55:09.750