Sign-up

ID

VAR-201410-0059


CVE

CVE-2014-3398


TITLE

Cisco Adaptive Security Appliance Software SSL VPN Vulnerability in the implementation of critical software version information in the implementation of

Trust: 0.8

sources: JVNDB: JVNDB-2014-004527

DESCRIPTION

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuq65542

Trust: 1.98

sources: NVD: CVE-2014-3398 // JVNDB: JVNDB-2014-004527 // BID: 70230 // VULHUB: VHN-71338

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:adaptive security appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:9.2(.3)

Trust: 0.8

sources: JVNDB: JVNDB-2014-004527 // CNNVD: CNNVD-201410-110 // NVD: CVE-2014-3398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3398
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3398
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-110
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71338
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3398
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71338
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71338 // JVNDB: JVNDB-2014-004527 // CNNVD: CNNVD-201410-110 // NVD: CVE-2014-3398

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-71338 // JVNDB: JVNDB-2014-004527 // NVD: CVE-2014-3398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-110

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201410-110

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004527

PATCH
title:Cisco ASA Software Version Information Disclosureurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3398
Trust: 0.8
title:35946url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35946
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004527

EXTERNAL IDS
db:NVDid:CVE-2014-3398
Trust: 2.8
db:JVNDBid:JVNDB-2014-004527
Trust: 0.8
db:CNNVDid:CNNVD-201410-110
Trust: 0.7
db:BIDid:70230
Trust: 0.4
db:VULHUBid:VHN-71338
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71338 // 
            
            
            
            BID: 70230 // 
            
            
            
            JVNDB: JVNDB-2014-004527 // 
            
            
            
            CNNVD: CNNVD-201410-110 // 
            
            
            
            NVD: CVE-2014-3398

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3398
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3398
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3398
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71338 // 
            
            
            
            BID: 70230 // 
            
            
            
            JVNDB: JVNDB-2014-004527 // 
            
            
            
            CNNVD: CNNVD-201410-110 // 
            
            
            
            NVD: CVE-2014-3398

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 70230

SOURCES
db:VULHUBid:VHN-71338
db:BIDid:70230
db:JVNDBid:JVNDB-2014-004527
db:CNNVDid:CNNVD-201410-110
db:NVDid:CVE-2014-3398

LAST UPDATE DATE
2024-11-23T22:38:55.704000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71338date:2014-10-06T00:00:00
db:BIDid:70230date:2014-10-03T00:00:00
db:JVNDBid:JVNDB-2014-004527date:2014-10-07T00:00:00
db:CNNVDid:CNNVD-201410-110date:2014-10-11T00:00:00
db:NVDid:CVE-2014-3398date:2024-11-21T02:08:00.727

SOURCES RELEASE DATE
db:VULHUBid:VHN-71338date:2014-10-05T00:00:00
db:BIDid:70230date:2014-10-03T00:00:00
db:JVNDBid:JVNDB-2014-004527date:2014-10-07T00:00:00
db:CNNVDid:CNNVD-201410-110date:2014-10-11T00:00:00
db:NVDid:CVE-2014-3398date:2014-10-05T01:55:13.173