Lucene search
CiscoCISCO-SA-20141006-CVE-2014-3399HistoryOct 06, 2014 - 9:18 p.m.
Cisco ASA Software SharePoint RAMFS Integrity and Lua Injection Vulnerability
2014-10-0621:18:33
tools.cisco.com
35
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.001
Percentile
50.6%
A vulnerability in the SSL VPN code of Cisco ASA Software could allow an authenticated, remote attacker to overwrite arbitrary files present on the RAMFS file system or inject Lua scripts.
The vulnerability is due to insufficient validation of the code that handles session information for the SSL VPN when a SharePoint handler is created. A SharePoint handler is created when a valid SharePoint connection is initiated. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected system. The SSL VPN feature must be configured for the system to be vulnerable.
An exploit could allow the attacker to overwrite arbitrary files on the RAMFS cache or inject Lua scripts, causing a denial of service (DoS) condition for the Clientless SSL VPN portal or causing the system to reload.
This vulnerability was reported to Cisco by Alec Stuart-Muirk.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement may reduce the likelihood of a successful exploit. In addition, an attacker would need to determine whether the targeted device has the SSL VPN feature configured, which is a condition that must be met to achieve a successful exploit.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch8.2
ORciscoadaptive_security_appliance_softwareMatch8.3
ORciscoadaptive_security_appliance_softwareMatch8.4
ORciscoadaptive_security_appliance_softwareMatch8.6
ORciscoadaptive_security_appliance_softwareMatch9.0
ORciscoadaptive_security_appliance_softwareMatch9.1
ORciscoadaptive_security_appliance_softwareMatch9.2
ORciscoadaptive_security_appliance_softwareMatch8.2.0.45
ORciscoadaptive_security_appliance_softwareMatch8.2.1
ORciscoadaptive_security_appliance_softwareMatch8.2.2
ORciscoadaptive_security_appliance_softwareMatch8.2.2.10
ORciscoadaptive_security_appliance_softwareMatch8.2.3
ORciscoadaptive_security_appliance_softwareMatch8.2.4
ORciscoadaptive_security_appliance_softwareMatch8.2.1.11
ORciscoadaptive_security_appliance_softwareMatch8.2.2.9
ORciscoadaptive_security_appliance_softwareMatch8.2.2.12
ORciscoadaptive_security_appliance_softwareMatch8.2.2.16
ORciscoadaptive_security_appliance_softwareMatch8.2.4.1
ORciscoadaptive_security_appliance_softwareMatch8.2.4.4
ORciscoadaptive_security_appliance_softwareMatch8.2.5
ORciscoadaptive_security_appliance_softwareMatch8.2.5.13
ORciscoadaptive_security_appliance_softwareMatch8.2.5.22
ORciscoadaptive_security_appliance_softwareMatch8.2.5.26
ORciscoadaptive_security_appliance_softwareMatch8.2.2.17
ORciscoadaptive_security_appliance_softwareMatch8.2.5.33
ORciscoadaptive_security_appliance_softwareMatch8.2.5.40
ORciscoadaptive_security_appliance_softwareMatch8.2.5.41
ORciscoadaptive_security_appliance_softwareMatch8.2.5.46
ORciscoadaptive_security_appliance_softwareMatch8.2.5.48
ORciscoadaptive_security_appliance_softwareMatch8.2.5.50
ORciscoadaptive_security_appliance_softwareMatch8.3.1.1
ORciscoadaptive_security_appliance_softwareMatch8.3.1
ORciscoadaptive_security_appliance_softwareMatch8.3.2
ORciscoadaptive_security_appliance_softwareMatch8.3.2.23
ORciscoadaptive_security_appliance_softwareMatch8.3.2.25
ORciscoadaptive_security_appliance_softwareMatch8.3.1.4
ORciscoadaptive_security_appliance_softwareMatch8.3.1.6
ORciscoadaptive_security_appliance_softwareMatch8.3.2.4
ORciscoadaptive_security_appliance_softwareMatch8.3.2.13
ORciscoadaptive_security_appliance_softwareMatch8.3.2.31
ORciscoadaptive_security_appliance_softwareMatch8.3.2.33
ORciscoadaptive_security_appliance_softwareMatch8.3.2.34
ORciscoadaptive_security_appliance_softwareMatch8.3.2.37
ORciscoadaptive_security_appliance_softwareMatch8.3.2.39
ORciscoadaptive_security_appliance_softwareMatch8.3.2.40
ORciscoadaptive_security_appliance_softwareMatch8.3.2.41
ORciscoadaptive_security_appliance_softwareMatch8.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.2
ORciscoadaptive_security_appliance_softwareMatch8.4.1.3
ORciscoadaptive_security_appliance_softwareMatch8.4.1.11
ORciscoadaptive_security_appliance_softwareMatch8.4.2.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.3.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3.9
ORciscoadaptive_security_appliance_softwareMatch8.4.4
ORciscoadaptive_security_appliance_softwareMatch8.4.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.4.9
ORciscoadaptive_security_appliance_softwareMatch8.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.5.6
ORciscoadaptive_security_appliance_softwareMatch8.4.6
ORciscoadaptive_security_appliance_softwareMatch8.4.2.1
ORciscoadaptive_security_appliance_softwareMatch8.4.7
ORciscoadaptive_security_appliance_softwareMatch8.4.7.3
ORciscoadaptive_security_appliance_softwareMatch8.4.7.15
ORciscoadaptive_security_appliance_softwareMatch8.4.7.22
ORciscoadaptive_security_appliance_softwareMatch8.4.7.23
ORciscoadaptive_security_appliance_softwareMatch8.6.1.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1
ORciscoadaptive_security_appliance_softwareMatch8.6.1.2
ORciscoadaptive_security_appliance_softwareMatch8.6.1.5
ORciscoadaptive_security_appliance_softwareMatch8.6.1.10
ORciscoadaptive_security_appliance_softwareMatch8.6.1.12
ORciscoadaptive_security_appliance_softwareMatch8.6.1.13
ORciscoadaptive_security_appliance_softwareMatch8.6.1.14
ORciscoadaptive_security_appliance_softwareMatch9.0.1
ORciscoadaptive_security_appliance_softwareMatch9.0.2
ORciscoadaptive_security_appliance_softwareMatch9.0.2.10
ORciscoadaptive_security_appliance_softwareMatch9.0.3
ORciscoadaptive_security_appliance_softwareMatch9.0.3.6
ORciscoadaptive_security_appliance_softwareMatch9.0.3.8
ORciscoadaptive_security_appliance_softwareMatch9.0.4
ORciscoadaptive_security_appliance_softwareMatch9.0.4.1
ORciscoadaptive_security_appliance_softwareMatch9.0.4.5
ORciscoadaptive_security_appliance_softwareMatch9.0.4.17
ORciscoadaptive_security_appliance_softwareMatch9.0.4.20
ORciscoadaptive_security_appliance_softwareMatch9.0.4.7
ORciscoadaptive_security_appliance_softwareMatch9.1.1
ORciscoadaptive_security_appliance_softwareMatch9.1.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.2
ORciscoadaptive_security_appliance_softwareMatch9.1.3
ORciscoadaptive_security_appliance_softwareMatch9.1.2.8
ORciscoadaptive_security_appliance_softwareMatch9.1.3.2
ORciscoadaptive_security_appliance_softwareMatch9.1.4
ORciscoadaptive_security_appliance_softwareMatch9.1.4.5
ORciscoadaptive_security_appliance_softwareMatch9.1.5
ORciscoadaptive_security_appliance_softwareMatch9.1.5.10
ORciscoadaptive_security_appliance_softwareMatch9.2.1
ORciscoadaptive_security_appliance_softwareMatch9.2.2
ORciscoadaptive_security_appliance_softwareMatch9.2.2.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | adaptive_security_appliance_software | 8.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.3 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.4 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.6 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.0 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 9.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.0.45 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.1 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:* |
| cisco | adaptive_security_appliance_software | 8.2.2 | cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:* |
Related
prion
prion
Information disclosure
2014-10-07 10:55:00
cve
cve
CVE-2014-3399
2014-10-07 10:55:04
cvelist
cvelist
CVE-2014-3399
2014-10-07 10:00:00
nessus
nessus
nvd
nvd
CVE-2014-3399
2014-10-07 10:55:04
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.001
Percentile
50.6%
Related for CISCO-SA-20141006-CVE-2014-3399