Sign-up

ID

VAR-201405-0466


CVE

CVE-2014-2181


TITLE

Cisco Adaptive Security Appliance Software read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002408

DESCRIPTION

Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551. An attacker can exploit exploit this issue to gain access to files stored on the device file system, which may lead to further attacks. This issue is tracked by Cisco BugId CSCun78551

Trust: 1.98

sources: NVD: CVE-2014-2181 // JVNDB: JVNDB-2014-002408 // BID: 67221 // VULHUB: VHN-70120

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:9.1(.5)

Trust: 0.8

sources: JVNDB: JVNDB-2014-002408 // CNNVD: CNNVD-201405-096 // NVD: CVE-2014-2181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2181
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2181
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201405-096
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70120
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2181
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70120
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70120 // JVNDB: JVNDB-2014-002408 // CNNVD: CNNVD-201405-096 // NVD: CVE-2014-2181

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-70120 // JVNDB: JVNDB-2014-002408 // NVD: CVE-2014-2181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-096

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201405-096

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002408

PATCH
title:Cisco ASA Information Disclosure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2181
Trust: 0.8
title:34137url:http://tools.cisco.com/security/center/viewAlert.x?alertId=34137
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002408

EXTERNAL IDS
db:NVDid:CVE-2014-2181
Trust: 2.8
db:JVNDBid:JVNDB-2014-002408
Trust: 0.8
db:CNNVDid:CNNVD-201405-096
Trust: 0.7
db:CISCOid:20140506 CISCO ASA INFORMATION DISCLOSURE VULNERABILITY
Trust: 0.6
db:BIDid:67221
Trust: 0.4
db:VULHUBid:VHN-70120
Trust: 0.1
sources:
            
            
            VULHUB: VHN-70120 // 
            
            
            
            BID: 67221 // 
            
            
            
            JVNDB: JVNDB-2014-002408 // 
            
            
            
            CNNVD: CNNVD-201405-096 // 
            
            
            
            NVD: CVE-2014-2181

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2181
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2181
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2181
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps6120/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-70120 // 
            
            
            
            BID: 67221 // 
            
            
            
            JVNDB: JVNDB-2014-002408 // 
            
            
            
            CNNVD: CNNVD-201405-096 // 
            
            
            
            NVD: CVE-2014-2181

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 67221

SOURCES
db:VULHUBid:VHN-70120
db:BIDid:67221
db:JVNDBid:JVNDB-2014-002408
db:CNNVDid:CNNVD-201405-096
db:NVDid:CVE-2014-2181

LAST UPDATE DATE
2024-11-23T23:05:46.901000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-70120date:2014-05-07T00:00:00
db:BIDid:67221date:2014-05-08T11:13:00
db:JVNDBid:JVNDB-2014-002408date:2014-05-08T00:00:00
db:CNNVDid:CNNVD-201405-096date:2014-05-08T00:00:00
db:NVDid:CVE-2014-2181date:2024-11-21T02:05:48.430

SOURCES RELEASE DATE
db:VULHUBid:VHN-70120date:2014-05-07T00:00:00
db:BIDid:67221date:2014-05-06T00:00:00
db:JVNDBid:JVNDB-2014-002408date:2014-05-08T00:00:00
db:CNNVDid:CNNVD-201405-096date:2014-05-08T00:00:00
db:NVDid:CVE-2014-2181date:2014-05-07T10:55:05.057