Lucene search

[email protected]CVE-2014-2195

HistoryMay 20, 2014 - 11:13 a.m.

CVE-2014-2195

2014-05-2011:13:37

CWE-20

[email protected]

web.nvd.nist.gov

cisco

asyncos

email security appliance

esa

content security management appliance

sma

vulnerability

active directory

remote attackers

bug id cscum86085

cve-2014-2195

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.4%

JSON

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

Affected configurations

NVD

Node

ciscoasyncosMatch-

AND

ciscocontent_security_management_applianceMatch-

ciscoemail_security_appliance_firmwareMatch-

CPENameOperatorVersion
cisco:asyncoscisco asyncoseq-
cisco:content_security_management_appliancecisco content security management applianceeq-
cisco:email_security_appliance_firmwarecisco email security appliance firmwareeq-

CPE	Name	Operator	Version
cisco:asyncos	cisco asyncos	eq	-
cisco:content_security_management_appliance	cisco content security management appliance	eq	-
cisco:email_security_appliance_firmware	cisco email security appliance firmware	eq	-

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195

www.securitytracker.com/id/1030258

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.4%

JSON

Related for CVE-2014-2195

cvelist1 prion1 nvd1