CVE-2014-2127

Affected configuration(s):

cpe:/a:cisco:adaptive_security_appliance_software:8.0
cpe:/a:cisco:adaptive_security_appliance_software:8.1
cpe:/a:cisco:adaptive_security_appliance_software:8.2
cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29
cpe:/a:cisco:adaptive_security_appliance_software:8.4
cpe:/a:cisco:adaptive_security_appliance_software:8.6
cpe:/a:cisco:adaptive_security_appliance_software:9.0
cpe:/a:cisco:adaptive_security_appliance_software:9.1

Date published: 2014-04-10T00:34:50.960-04:00

Date last modified: 2014-04-10T14:09:34.750-04:00

CVSS Score: 8.5

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa

Summary: Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
