Details of VAR-201404-0572

ID

VAR-201404-0572

CVE

CVE-2014-2128

TITLE

Cisco Adaptive Security Appliance Software SSL VPN Vulnerabilities that prevent authentication from being implemented

Trust: 0.8

sources: JVNDB: JVNDB-2014-001941

DESCRIPTION

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. Exploiting this issue could allow an attacker to bypass certain security restrictions and gain unauthenticated access to the SSL VPN Portal page. This issue is tracked by Cisco Bug ID CSCua85555

Trust: 2.07

sources: NVD: CVE-2014-2128 // JVNDB: JVNDB-2014-001941 // BID: 66746 // VULHUB: VHN-70067 // VULMON: CVE-2014-2128

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3\(1\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.3	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6(1.13)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(3.2)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2(5.47)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3(2.40)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.4	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(3.8)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.6	Trust: 0.8

sources: JVNDB: JVNDB-2014-001941 // CNNVD: CNNVD-201404-115 // NVD: CVE-2014-2128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2128
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2128
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-115
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70067
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-2128
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2128
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-70067
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70067 // VULMON: CVE-2014-2128 // JVNDB: JVNDB-2014-001941 // CNNVD: CNNVD-201404-115 // NVD: CVE-2014-2128

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-70067 // JVNDB: JVNDB-2014-001941 // NVD: CVE-2014-2128

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-115

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201404-115

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001941

PATCH

title:	cisco-sa-20140409-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa	Trust: 0.8
title:	33624	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33624	Trust: 0.8
title:	cisco-sa-20140409-asa	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122330_cisco-sa-20140409-asa-j.html	Trust: 0.8
title:	Cisco: Cisco Adaptive Security Appliance SSL VPN Authentication Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140409-CVE-2014-2128	Trust: 0.1
title:	Cisco: Multiple Vulnerabilities in Cisco ASA Software	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20140409-asa	Trust: 0.1

sources: VULMON: CVE-2014-2128 // JVNDB: JVNDB-2014-001941

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2128	Trust: 2.9
db:	JVNDB	id:	JVNDB-2014-001941	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-115	Trust: 0.7
db:	CISCO	id:	20140409 MULTIPLE VULNERABILITIES IN CISCO ASA SOFTWARE	Trust: 0.6
db:	NSFOCUS	id:	26490	Trust: 0.6
db:	BID	id:	66746	Trust: 0.5
db:	SEEBUG	id:	SSVID-62151	Trust: 0.1
db:	VULHUB	id:	VHN-70067	Trust: 0.1
db:	VULMON	id:	CVE-2014-2128	Trust: 0.1

sources: VULHUB: VHN-70067 // VULMON: CVE-2014-2128 // BID: 66746 // JVNDB: JVNDB-2014-001941 // CNNVD: CNNVD-201404-115 // NVD: CVE-2014-2128

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-asa	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2128	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2128	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/26490	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/66746	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-cve-2014-2128	Trust: 0.1
url:	https://nmap.org/nsedoc/scripts/http-vuln-cve2014-2128.html	Trust: 0.1

sources: VULHUB: VHN-70067 // VULMON: CVE-2014-2128 // BID: 66746 // JVNDB: JVNDB-2014-001941 // CNNVD: CNNVD-201404-115 // NVD: CVE-2014-2128

CREDITS

Cisco

Trust: 0.3

sources: BID: 66746

SOURCES

db:	VULHUB	id:	VHN-70067
db:	VULMON	id:	CVE-2014-2128
db:	BID	id:	66746
db:	JVNDB	id:	JVNDB-2014-001941
db:	CNNVD	id:	CNNVD-201404-115
db:	NVD	id:	CVE-2014-2128

LAST UPDATE DATE

2024-11-23T22:23:06.121000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70067	date:	2014-04-10T00:00:00
db:	VULMON	id:	CVE-2014-2128	date:	2023-08-15T00:00:00
db:	BID	id:	66746	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001941	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-115	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-2128	date:	2024-11-21T02:05:42.387

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70067	date:	2014-04-10T00:00:00
db:	VULMON	id:	CVE-2014-2128	date:	2014-04-10T00:00:00
db:	BID	id:	66746	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001941	date:	2014-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201404-115	date:	2014-04-15T00:00:00
db:	NVD	id:	CVE-2014-2128	date:	2014-04-10T04:34:51.007