Details of VAR-201502-0214

ID

VAR-201502-0214

CVE

CVE-2014-8023

TITLE

Cisco Adaptive Security Appliance Software Vulnerabilities in which access restrictions to resources are bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2014-007912

DESCRIPTION

Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. Vendors have confirmed this vulnerability Bug ID CSCtz48533 It is released as.Crafted by remotely authenticated users tunnel-group Access to resources may be circumvented via parameters. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCtz48533

Trust: 1.98

sources: NVD: CVE-2014-8023 // JVNDB: JVNDB-2014-007912 // BID: 72618 // VULHUB: VHN-75968

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lte	version:	9.2(.3)	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3	Trust: 0.6

sources: JVNDB: JVNDB-2014-007912 // CNNVD: CNNVD-201502-335 // NVD: CVE-2014-8023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8023
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8023
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201502-335
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75968
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8023
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-75968
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-75968 // JVNDB: JVNDB-2014-007912 // CNNVD: CNNVD-201502-335 // NVD: CVE-2014-8023

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-75968 // JVNDB: JVNDB-2014-007912 // NVD: CVE-2014-8023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-335

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201502-335

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007912

PATCH

title:	Cisco ASA Challenge-Response Tunnel Group Selection Bypass Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8023	Trust: 0.8
title:	37489	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37489	Trust: 0.8

sources: JVNDB: JVNDB-2014-007912

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8023	Trust: 2.8
db:	BID	id:	72618	Trust: 2.0
db:	SECTRACK	id:	1031755	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-007912	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-335	Trust: 0.7
db:	XF	id:	100922	Trust: 0.6
db:	VULHUB	id:	VHN-75968	Trust: 0.1

sources: VULHUB: VHN-75968 // BID: 72618 // JVNDB: JVNDB-2014-007912 // CNNVD: CNNVD-201502-335 // NVD: CVE-2014-8023

REFERENCES

url:	http://www.securityfocus.com/bid/72618	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8023	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37489	Trust: 1.7
url:	http://www.securitytracker.com/id/1031755	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100922	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8023	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8023	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/100922	Trust: 0.6
url:	www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-75968 // BID: 72618 // JVNDB: JVNDB-2014-007912 // CNNVD: CNNVD-201502-335 // NVD: CVE-2014-8023

CREDITS

Cisco

Trust: 0.3

sources: BID: 72618

SOURCES

db:	VULHUB	id:	VHN-75968
db:	BID	id:	72618
db:	JVNDB	id:	JVNDB-2014-007912
db:	CNNVD	id:	CNNVD-201502-335
db:	NVD	id:	CVE-2014-8023

LAST UPDATE DATE

2024-11-23T22:13:32.084000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-75968	date:	2017-09-08T00:00:00
db:	BID	id:	72618	date:	2015-03-19T07:29:00
db:	JVNDB	id:	JVNDB-2014-007912	date:	2015-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201502-335	date:	2015-02-25T00:00:00
db:	NVD	id:	CVE-2014-8023	date:	2024-11-21T02:18:26.787

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-75968	date:	2015-02-17T00:00:00
db:	BID	id:	72618	date:	2015-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-007912	date:	2015-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201502-335	date:	2015-02-25T00:00:00
db:	NVD	id:	CVE-2014-8023	date:	2015-02-17T01:59:02.270