Details of VAR-201410-0078

ID

VAR-201410-0078

CVE

CVE-2014-3391

TITLE

Cisco ASA Vulnerability gained privilege in software

Trust: 0.8

sources: JVNDB: JVNDB-2014-004665

DESCRIPTION

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661. Cisco ASA The software contains a vulnerability that allows it to obtain permission because of a flaw in the processing related to the search path. Cisco Adaptive Security Appliance (ASA) Software is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to inject a malicious library and take complete control of the system. This issue is being tracked by Cisco Bug ID CSCtq52661. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The following versions are affected: Cisco ASA Software 8.x prior to 8.4(3), 8.5 prior to 8.7(1.13), 8.7 prior

Trust: 1.98

sources: NVD: CVE-2014-3391 // JVNDB: JVNDB-2014-004665 // BID: 70300 // VULHUB: VHN-71331

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.0.45	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.17	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.10	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.31	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.16	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.46	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.34	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.39	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.23	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.22	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.50	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.48	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.22	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.37	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.25	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7(1.13)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.x	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.7	Trust: 0.8

sources: JVNDB: JVNDB-2014-004665 // CNNVD: CNNVD-201410-214 // NVD: CVE-2014-3391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3391
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3391
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-214
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71331
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3391
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71331
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71331 // JVNDB: JVNDB-2014-004665 // CNNVD: CNNVD-201410-214 // NVD: CVE-2014-3391

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71331 // JVNDB: JVNDB-2014-004665 // NVD: CVE-2014-3391

THREAT TYPE

local

Trust: 0.9

sources: BID: 70300 // CNNVD: CNNVD-201410-214

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201410-214

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004665

PATCH

title:	cisco-sa-20141008-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa	Trust: 0.8
title:	35914	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35914	Trust: 0.8
title:	cisco-sa-20141008-asa	url:	http://www.cisco.com/cisco/web/support/JP/112/1126/1126286_cisco-sa-20141008-asa-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2014-004665

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3391	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-004665	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-214	Trust: 0.7
db:	BID	id:	70300	Trust: 0.4
db:	VULHUB	id:	VHN-71331	Trust: 0.1

sources: VULHUB: VHN-71331 // BID: 70300 // JVNDB: JVNDB-2014-004665 // CNNVD: CNNVD-201410-214 // NVD: CVE-2014-3391

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-asa	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3391	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3391	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps12726/index.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35914	Trust: 0.3
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-71331 // BID: 70300 // JVNDB: JVNDB-2014-004665 // CNNVD: CNNVD-201410-214 // NVD: CVE-2014-3391

CREDITS

Cisco

Trust: 0.3

sources: BID: 70300

SOURCES

db:	VULHUB	id:	VHN-71331
db:	BID	id:	70300
db:	JVNDB	id:	JVNDB-2014-004665
db:	CNNVD	id:	CNNVD-201410-214
db:	NVD	id:	CVE-2014-3391

LAST UPDATE DATE

2024-11-23T22:49:26.049000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71331	date:	2014-10-13T00:00:00
db:	BID	id:	70300	date:	2014-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-004665	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-214	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3391	date:	2024-11-21T02:07:59.863

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71331	date:	2014-10-10T00:00:00
db:	BID	id:	70300	date:	2014-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-004665	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-214	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3391	date:	2014-10-10T10:55:06.557