Details of VAR-201410-0079

ID

VAR-201410-0079

CVE

CVE-2014-3392

TITLE

Cisco ASA Software Clientless SSL VPN Vulnerability in portal where important information is obtained from process memory

Trust: 0.8

sources: JVNDB: JVNDB-2014-004666

DESCRIPTION

The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136. Cisco Adaptive Security Appliance (ASA) Software is prone to a memory-corruption vulnerability. Successfully exploiting these issues may allow an attacker to obtain sensitive information, which could lead to a reload of the affected system, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuq29136. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The following versions are affected: Cisco ASA Software 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.6 prior to 8.6(1.15), 9.0 prior to 9.0(4.24), 9.1( 5.12) before 9.1, 9.2(2.8) before 9.2, 9.3(1.1) before 9.3

Trust: 1.98

sources: NVD: CVE-2014-3392 // JVNDB: JVNDB-2014-004666 // BID: 70306 // VULHUB: VHN-71332

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.10	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.6	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.23	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.13	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.15	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.16	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.46	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.48	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.22	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.24	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.20	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.31	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.34	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.22	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.39	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.50	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.37	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.0.45	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.25	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4(7.23)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0(4.24)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.3	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2(5.51)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.2	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1(5.12)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.0	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.1	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.4	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance	scope:	eq	version:	(asa)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3(2.42)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.3	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3(1.1)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6(1.15)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2(2.8)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	8.6	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.2	Trust: 0.8

sources: JVNDB: JVNDB-2014-004666 // CNNVD: CNNVD-201410-215 // NVD: CVE-2014-3392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3392
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3392
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201410-215
value:	HIGH
Trust: 0.6
VULHUB:	VHN-71332
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3392
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71332
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71332 // JVNDB: JVNDB-2014-004666 // CNNVD: CNNVD-201410-215 // NVD: CVE-2014-3392

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-71332 // JVNDB: JVNDB-2014-004666 // NVD: CVE-2014-3392

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-215

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 70306 // CNNVD: CNNVD-201410-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004666

PATCH

title:	cisco-sa-20141008-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa	Trust: 0.8
title:	35916	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=35916	Trust: 0.8
title:	cisco-sa-20141008-asa	url:	http://www.cisco.com/cisco/web/support/JP/112/1126/1126286_cisco-sa-20141008-asa-j.html	Trust: 0.8
title:	Cisco ASA Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193761	Trust: 0.6

sources: JVNDB: JVNDB-2014-004666 // CNNVD: CNNVD-201410-215

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3392	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-004666	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-215	Trust: 0.7
db:	BID	id:	70306	Trust: 0.4
db:	VULHUB	id:	VHN-71332	Trust: 0.1

sources: VULHUB: VHN-71332 // BID: 70306 // JVNDB: JVNDB-2014-004666 // CNNVD: CNNVD-201410-215 // NVD: CVE-2014-3392

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-asa	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3392	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3392	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=35916	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/security/adaptive-security-appliance-asa-software/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-71332 // BID: 70306 // JVNDB: JVNDB-2014-004666 // CNNVD: CNNVD-201410-215 // NVD: CVE-2014-3392

CREDITS

Hyrum M from SecurityMetrics.

Trust: 0.3

sources: BID: 70306

SOURCES

db:	VULHUB	id:	VHN-71332
db:	BID	id:	70306
db:	JVNDB	id:	JVNDB-2014-004666
db:	CNNVD	id:	CNNVD-201410-215
db:	NVD	id:	CVE-2014-3392

LAST UPDATE DATE

2024-11-23T23:09:21.823000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71332	date:	2014-10-13T00:00:00
db:	BID	id:	70306	date:	2014-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-004666	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-215	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2014-3392	date:	2024-11-21T02:08:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71332	date:	2014-10-10T00:00:00
db:	BID	id:	70306	date:	2014-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-004666	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-215	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-3392	date:	2014-10-10T10:55:06.603