Lucene search

[email protected]CVE-2014-3390

HistoryOct 10, 2014 - 10:55 a.m.

CVE-2014-3390

2014-10-1010:55:06

CWE-20

[email protected]

web.nvd.nist.gov

cisco

asa

software

vnmc

policy

implementation

local users

linux root access

bug ids

cscuq41510

cscuq47574

cve-2014-3390

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.0%

JSON

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.

Affected configurations

NVD

Node

ciscoadaptive_security_appliance_softwareMatch8.7.8

ciscoadaptive_security_appliance_softwareMatch8.7.1

ciscoadaptive_security_appliance_softwareMatch8.7.1.3

ciscoadaptive_security_appliance_softwareMatch8.7.1.4

ciscoadaptive_security_appliance_softwareMatch8.7.1.7

ciscoadaptive_security_appliance_softwareMatch8.7.1.11

ciscoadaptive_security_appliance_softwareMatch8.7.1.13

ciscoadaptive_security_appliance_softwareMatch9.2.1

ciscoadaptive_security_appliance_softwareMatch9.2.2

ciscoadaptive_security_appliance_softwareMatch9.2.2.4

ciscoadaptive_security_appliance_softwareMatch9.3.1

ciscoadaptive_security_appliance_softwareMatch9.3.1.1

CPENameOperatorVersion
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.7.8
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.7.1
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.7.1.3
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.7.1.4
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.7.1.7
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.7.1.11
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq8.7.1.13
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.2.1
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.2.2
cisco:adaptive_security_appliance_softwarecisco adaptive security appliance softwareeq9.2.2.4

CPE	Name	Operator	Version
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.7.8
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.7.1
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.7.1.3
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.7.1.4
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.7.1.7
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.7.1.11
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	8.7.1.13
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.2.1
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.2.2
cisco:adaptive_security_appliance_software	cisco adaptive security appliance software	eq	9.2.2.4