Lucene search

[email protected]CVE-2014-0739

HistoryFeb 22, 2014 - 9:55 p.m.

CVE-2014-0739

2014-02-2221:55:09

CWE-287

[email protected]

web.nvd.nist.gov

cisco

asa

software

cve-2014-0739

tftp

authentication

bypass

race condition

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.4%

JSON

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.

Affected configurations

NVD

Node

ciscoadaptive_security_appliance_softwareMatch9.1\(3\)

CPENameOperatorVersion
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.1\(3\)

CPE	Name	Operator	Version
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.1\(3\)

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739

tools.cisco.com/security/center/viewAlert.x?alertId=32955

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.4%

JSON

Related for CVE-2014-0739

seebug1 cvelist1 nvd1 cisco1 prion1