Details of VAR-201406-0393

ID

VAR-201406-0393

CVE

CVE-2014-2151

TITLE

Cisco Adaptive Security Appliance Software WebVPN Vulnerability in which important information is obtained in the portal

Trust: 0.8

sources: JVNDB: JVNDB-2014-002975

DESCRIPTION

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCui04520

Trust: 1.98

sources: NVD: CVE-2014-2151 // JVNDB: JVNDB-2014-002975 // BID: 68063 // VULHUB: VHN-70090

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	8.4\(7.15\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	8.4(.7.15)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.4\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.7\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.7.3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.7.15\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.4.3\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.5\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.3.9\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.4.9\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.4.5\)	Trust: 0.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4\(.4.1\)	Trust: 0.6
vendor:	huawei	model:	singlecloud v100r002c85	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	singlecloud v100r002c01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	singlecloud v100r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	galaxengine v100r002c02	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c00	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.6	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.56	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.49	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.45	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.43	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.41	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.39	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.38	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.28	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.13	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.3	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.15	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 0.3
vendor:	huawei	model:	singlecloud v100r005c00spc300	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	galaxengine v100r005c00spc300	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00spc300	scope:	ne	version:	-	Trust: 0.3

sources: BID: 68063 // JVNDB: JVNDB-2014-002975 // CNNVD: CNNVD-201406-418 // NVD: CVE-2014-2151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2151
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2151
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201406-418
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70090
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2151
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70090
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70090 // JVNDB: JVNDB-2014-002975 // CNNVD: CNNVD-201406-418 // NVD: CVE-2014-2151

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-70090 // JVNDB: JVNDB-2014-002975 // NVD: CVE-2014-2151

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-418

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 68063 // CNNVD: CNNVD-201406-418

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002975

PATCH

title:	Cisco ASA WebVPN Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151	Trust: 0.8
title:	34627	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34627	Trust: 0.8

sources: JVNDB: JVNDB-2014-002975

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2151	Trust: 2.8
db:	BID	id:	68063	Trust: 2.0
db:	SECTRACK	id:	1030445	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-002975	Trust: 0.8
db:	CNNVD	id:	CNNVD-201406-418	Trust: 0.7
db:	VULHUB	id:	VHN-70090	Trust: 0.1

sources: VULHUB: VHN-70090 // BID: 68063 // JVNDB: JVNDB-2014-002975 // CNNVD: CNNVD-201406-418 // NVD: CVE-2014-2151

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2151	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34627	Trust: 2.0
url:	http://www.securityfocus.com/bid/68063	Trust: 1.7
url:	http://www.securitytracker.com/id/1030445	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2151	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2151	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-423503.htm	Trust: 0.3

sources: VULHUB: VHN-70090 // BID: 68063 // JVNDB: JVNDB-2014-002975 // CNNVD: CNNVD-201406-418 // NVD: CVE-2014-2151

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68063

SOURCES

db:	VULHUB	id:	VHN-70090
db:	BID	id:	68063
db:	JVNDB	id:	JVNDB-2014-002975
db:	CNNVD	id:	CNNVD-201406-418
db:	NVD	id:	CVE-2014-2151

LAST UPDATE DATE

2024-11-23T22:18:36.102000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70090	date:	2020-01-21T00:00:00
db:	BID	id:	68063	date:	2015-05-07T17:36:00
db:	JVNDB	id:	JVNDB-2014-002975	date:	2014-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201406-418	date:	2022-06-06T00:00:00
db:	NVD	id:	CVE-2014-2151	date:	2024-11-21T02:05:44.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70090	date:	2014-06-18T00:00:00
db:	BID	id:	68063	date:	2014-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-002975	date:	2014-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201406-418	date:	2014-06-19T00:00:00
db:	NVD	id:	CVE-2014-2151	date:	2014-06-18T16:55:07.203