CVE-2014-2128CVE-2014-2128

Affected configuration(s):

cpe:/a:cisco:adaptive_security_appliance_software:8.2
cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29
cpe:/a:cisco:adaptive_security_appliance_software:8.4
cpe:/a:cisco:adaptive_security_appliance_software:8.6
cpe:/a:cisco:adaptive_security_appliance_software:9.0
cpe:/a:cisco:adaptive_security_appliance_software:9.1

Date published: 2014-04-10T00:34:51.007-04:00

Date last modified: 2014-04-10T14:22:38.107-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa

Summary: The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.