ID

VAR-201410-0080


CVE

CVE-2014-3393


TITLE

Cisco ASA Software Clientless SSL VPN In the portal customization framework RAMFS Vulnerability to modify customization objects

Trust: 0.8

sources: JVNDB: JVNDB-2014-004667

DESCRIPTION

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. Vendors have confirmed this vulnerability Bug ID CSCup36829 It is released as.By a third party RAMFS Customization objects may be changed. The Cisco ASA 5500 Series Adaptive Security Appliance is a modular platform for providing security and VPN services with firewall, IPS, anti-X, and VPN services. This issue is tracked by Cisco Bug ID CSCup36829. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability stems from the program's incorrect implementation of authentication. A remote attacker can exploit this vulnerability to modify RAMFS custom objects. The following versions are affected: Cisco ASA Software 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.24), 9.1( 5.12) prior to 9.1, 9.2(2.4) prior to 9.2

Trust: 2.52

sources: NVD: CVE-2014-3393 // JVNDB: JVNDB-2014-004667 // CNVD: CNVD-2014-06586 // BID: 70309 // VULHUB: VHN-71333

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-06586

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.2

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.2.8

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.5

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.3.8

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.4

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.3.9

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.4.1

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.2.1

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.1.3

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.3

Trust: 1.6

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.2.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.41

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.2.16

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.5.15

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.4.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.4.5

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.1.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.40

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.6

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.2.10

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.2.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.46

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.7.15

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.2.17

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1.13

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.33

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.1.6

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.1.11

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.5.10

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.48

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1.5

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.22

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.2.10

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.4.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.5.12

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.4.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.2.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.4.24

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.40

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.4.20

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.4.17

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.3.6

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.4.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.31

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.4.9

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.1.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.7

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.7.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.5

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.2.8

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1.10

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.2.12

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1.14

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.4.5

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.3.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.2.2.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1.12

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.1.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.34

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.7.22

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.39

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.13

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.23

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.50

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.1.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6.1.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4.5.6

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.13

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.4.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.41

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.2.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.5.26

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.37

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.1

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2.0.45

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.4

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.33

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.3.8

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3.2.25

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0.3

Trust: 1.0

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.4(7.23)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.0(4.24)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.3

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.2(5.51)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.2

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.1(5.12)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.1

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.4

Trust: 0.8

vendor:ciscomodel:adaptive security appliancescope:eqversion:(asa)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.3(2.42)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:8.6(1.14)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.0

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion:9.2(2.4)

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:8.6

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:ltversion:9.2

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-06586 // JVNDB: JVNDB-2014-004667 // CNNVD: CNNVD-201410-216 // NVD: CVE-2014-3393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3393
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3393
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-06586
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201410-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71333
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3393
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06586
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71333
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-06586 // VULHUB: VHN-71333 // JVNDB: JVNDB-2014-004667 // CNNVD: CNNVD-201410-216 // NVD: CVE-2014-3393

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-71333 // JVNDB: JVNDB-2014-004667 // NVD: CVE-2014-3393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-216

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201410-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004667

PATCH

title:cisco-sa-20141008-asaurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Trust: 0.8

title:35917url:http://tools.cisco.com/security/center/viewAlert.x?alertId=35917

Trust: 0.8

title:cisco-sa-20141008-asaurl:http://www.cisco.com/cisco/web/support/JP/112/1126/1126286_cisco-sa-20141008-asa-j.html

Trust: 0.8

title:Patch for the Cisco Adaptive Security Appliance (ASA) Software Remote Security Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/50640

Trust: 0.6

title:Cisco ASA Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193762

Trust: 0.6

sources: CNVD: CNVD-2014-06586 // JVNDB: JVNDB-2014-004667 // CNNVD: CNNVD-201410-216

EXTERNAL IDS

db:NVDid:CVE-2014-3393

Trust: 3.4

db:BIDid:70309

Trust: 1.0

db:JVNDBid:JVNDB-2014-004667

Trust: 0.8

db:CNNVDid:CNNVD-201410-216

Trust: 0.7

db:CNVDid:CNVD-2014-06586

Trust: 0.6

db:VULHUBid:VHN-71333

Trust: 0.1

sources: CNVD: CNVD-2014-06586 // VULHUB: VHN-71333 // BID: 70309 // JVNDB: JVNDB-2014-004667 // CNNVD: CNNVD-201410-216 // NVD: CVE-2014-3393

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-asa

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3393

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3393

Trust: 0.8

url:www.cisco.com

Trust: 0.3

sources: CNVD: CNVD-2014-06586 // VULHUB: VHN-71333 // BID: 70309 // JVNDB: JVNDB-2014-004667 // CNNVD: CNNVD-201410-216 // NVD: CVE-2014-3393

CREDITS

Alec Stuart-Muirk

Trust: 0.3

sources: BID: 70309

SOURCES

db:CNVDid:CNVD-2014-06586
db:VULHUBid:VHN-71333
db:BIDid:70309
db:JVNDBid:JVNDB-2014-004667
db:CNNVDid:CNNVD-201410-216
db:NVDid:CVE-2014-3393

LAST UPDATE DATE

2024-11-23T22:38:55.667000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-06586date:2014-10-10T00:00:00
db:VULHUBid:VHN-71333date:2014-10-13T00:00:00
db:BIDid:70309date:2014-10-08T00:00:00
db:JVNDBid:JVNDB-2014-004667date:2014-10-14T00:00:00
db:CNNVDid:CNNVD-201410-216date:2022-05-24T00:00:00
db:NVDid:CVE-2014-3393date:2024-11-21T02:08:00.143

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-06586date:2014-10-10T00:00:00
db:VULHUBid:VHN-71333date:2014-10-10T00:00:00
db:BIDid:70309date:2014-10-08T00:00:00
db:JVNDBid:JVNDB-2014-004667date:2014-10-14T00:00:00
db:CNNVDid:CNNVD-201410-216date:2014-10-14T00:00:00
db:NVDid:CVE-2014-3393date:2014-10-10T10:55:06.650