Details of VAR-201404-0570

ID

VAR-201404-0570

CVE

CVE-2014-2126

TITLE

Cisco Adaptive Security Appliance Vulnerability gained privilege in software

Trust: 0.8

sources: JVNDB: JVNDB-2014-001939

DESCRIPTION

Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496. Vendors have confirmed this vulnerability Bug ID CSCuj33496 It is released as.Level by remote authenticated user 0 of ASDM There is a possibility that authority is acquired by using access. Remote attackers can exploit this issue to gain elevated privileges and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuj33496

Trust: 2.07

sources: NVD: CVE-2014-2126 // JVNDB: JVNDB-2014-001939 // BID: 66747 // VULHUB: VHN-70065 // VULMON: CVE-2014-2126

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7(1.11)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.5)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(3.4)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2(5.47)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.10)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.4	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.7	Trust: 0.8

sources: JVNDB: JVNDB-2014-001939 // CNNVD: CNNVD-201404-113 // NVD: CVE-2014-2126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2126
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2126
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201404-113
value:	HIGH
Trust: 0.6
VULHUB:	VHN-70065
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-2126
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2126
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-70065
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70065 // VULMON: CVE-2014-2126 // JVNDB: JVNDB-2014-001939 // CNNVD: CNNVD-201404-113 // NVD: CVE-2014-2126

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-70065 // JVNDB: JVNDB-2014-001939 // NVD: CVE-2014-2126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-113

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201404-113

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001939

PATCH

title:	cisco-sa-20140409-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa	Trust: 0.8
title:	33622	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33622	Trust: 0.8
title:	cisco-sa-20140409-asa	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122330_cisco-sa-20140409-asa-j.html	Trust: 0.8
title:	Cisco: Multiple Vulnerabilities in Cisco ASA Software	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20140409-asa	Trust: 0.1
title:	-	url:	https://github.com/pwdworkstation/nmap-scan	Trust: 0.1

sources: VULMON: CVE-2014-2126 // JVNDB: JVNDB-2014-001939

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2126	Trust: 2.9
db:	JVNDB	id:	JVNDB-2014-001939	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-113	Trust: 0.7
db:	CISCO	id:	20140409 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	NSFOCUS	id:	26489	Trust: 0.6
db:	BID	id:	66747	Trust: 0.4
db:	SEEBUG	id:	SSVID-62152	Trust: 0.1
db:	VULHUB	id:	VHN-70065	Trust: 0.1
db:	VULMON	id:	CVE-2014-2126	Trust: 0.1

sources: VULHUB: VHN-70065 // VULMON: CVE-2014-2126 // BID: 66747 // JVNDB: JVNDB-2014-001939 // CNNVD: CNNVD-201404-113 // NVD: CVE-2014-2126

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-asa	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2126	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2126	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/26489	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://github.com/pwdworkstation/nmap-scan	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33622	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nmap.org/nsedoc/scripts/http-vuln-cve2014-2126.html	Trust: 0.1

sources: VULHUB: VHN-70065 // VULMON: CVE-2014-2126 // BID: 66747 // JVNDB: JVNDB-2014-001939 // CNNVD: CNNVD-201404-113 // NVD: CVE-2014-2126

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66747

SOURCES

db:	VULHUB	id:	VHN-70065
db:	VULMON	id:	CVE-2014-2126
db:	BID	id:	66747
db:	JVNDB	id:	JVNDB-2014-001939
db:	CNNVD	id:	CNNVD-201404-113
db:	NVD	id:	CVE-2014-2126

LAST UPDATE DATE

2024-11-23T22:23:06.219000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70065	date:	2014-04-10T00:00:00
db:	VULMON	id:	CVE-2014-2126	date:	2023-08-15T00:00:00
db:	BID	id:	66747	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001939	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-113	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-2126	date:	2024-11-21T02:05:42.160

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70065	date:	2014-04-10T00:00:00
db:	VULMON	id:	CVE-2014-2126	date:	2014-04-10T00:00:00
db:	BID	id:	66747	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001939	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-113	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-2126	date:	2014-04-10T04:34:50.930