Sign-up

ID

VAR-201412-0054


CVE

CVE-2014-3410


TITLE

Cisco Adaptive Security Appliance Software syslog-management Vulnerability of obtaining administrator password in subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2014-007370

DESCRIPTION

The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860. An attacker can exploit this issue to gain access to passwords that may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCuq22357 and CSCur41860

Trust: 1.98

sources: NVD: CVE-2014-3410 // JVNDB: JVNDB-2014-007370 // BID: 71765 // VULHUB: VHN-71350

AFFECTED PRODUCTS

vendor:ciscomodel:adaptive security appliance softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:adaptive security appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:adaptive security appliance softwarescope:lteversion:9.3.2

Trust: 0.8

sources: JVNDB: JVNDB-2014-007370 // CNNVD: CNNVD-201412-450 // NVD: CVE-2014-3410

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3410
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3410
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-450
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71350
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3410
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71350
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71350 // JVNDB: JVNDB-2014-007370 // CNNVD: CNNVD-201412-450 // NVD: CVE-2014-3410

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-71350 // JVNDB: JVNDB-2014-007370 // NVD: CVE-2014-3410

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-450

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-450

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007370

PATCH
title:Cisco ASA Information Leak in Syslog Messages Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3410
Trust: 0.8
title:36846url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36846
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007370

EXTERNAL IDS
db:NVDid:CVE-2014-3410
Trust: 2.8
db:JVNDBid:JVNDB-2014-007370
Trust: 0.8
db:CNNVDid:CNNVD-201412-450
Trust: 0.7
db:BIDid:71765
Trust: 0.4
db:VULHUBid:VHN-71350
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71350 // 
            
            
            
            BID: 71765 // 
            
            
            
            JVNDB: JVNDB-2014-007370 // 
            
            
            
            CNNVD: CNNVD-201412-450 // 
            
            
            
            NVD: CVE-2014-3410

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3410
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3410
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3410
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-71350 // 
            
            
            
            BID: 71765 // 
            
            
            
            JVNDB: JVNDB-2014-007370 // 
            
            
            
            CNNVD: CNNVD-201412-450 // 
            
            
            
            NVD: CVE-2014-3410

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71765

SOURCES
db:VULHUBid:VHN-71350
db:BIDid:71765
db:JVNDBid:JVNDB-2014-007370
db:CNNVDid:CNNVD-201412-450
db:NVDid:CVE-2014-3410

LAST UPDATE DATE
2024-11-23T22:59:38.264000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71350date:2014-12-22T00:00:00
db:BIDid:71765date:2015-01-06T01:02:00
db:JVNDBid:JVNDB-2014-007370date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-450date:2014-12-24T00:00:00
db:NVDid:CVE-2014-3410date:2024-11-21T02:08:01.970

SOURCES RELEASE DATE
db:VULHUBid:VHN-71350date:2014-12-20T00:00:00
db:BIDid:71765date:2014-12-19T00:00:00
db:JVNDBid:JVNDB-2014-007370date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-450date:2014-12-23T00:00:00
db:NVDid:CVE-2014-3410date:2014-12-20T00:59:00.057