Lucene search
HistoryOct 10, 2014 - 10:55 a.m.
CVE-2014-3391
cve-2014-3391
cisco asa software
vulnerability
local users
privileges
trojan horse
library file
nvd
ld_library_path
bug id csctq52661
6.5 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.6%
Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch8.7.8
ORciscoadaptive_security_appliance_softwareMatch8.2.0.45
ORciscoadaptive_security_appliance_softwareMatch8.2.1
ORciscoadaptive_security_appliance_softwareMatch8.2.1.1
ORciscoadaptive_security_appliance_softwareMatch8.2.2
ORciscoadaptive_security_appliance_softwareMatch8.2.2.10
ORciscoadaptive_security_appliance_softwareMatch8.2.2.12
ORciscoadaptive_security_appliance_softwareMatch8.2.2.16
ORciscoadaptive_security_appliance_softwareMatch8.2.2.17
ORciscoadaptive_security_appliance_softwareMatch8.2.3
ORciscoadaptive_security_appliance_softwareMatch8.2.4
ORciscoadaptive_security_appliance_softwareMatch8.2.4.1
ORciscoadaptive_security_appliance_softwareMatch8.2.4.4
ORciscoadaptive_security_appliance_softwareMatch8.2.5
ORciscoadaptive_security_appliance_softwareMatch8.2.5.13
ORciscoadaptive_security_appliance_softwareMatch8.2.5.22
ORciscoadaptive_security_appliance_softwareMatch8.2.5.26
ORciscoadaptive_security_appliance_softwareMatch8.2.5.33
ORciscoadaptive_security_appliance_softwareMatch8.2.5.40
ORciscoadaptive_security_appliance_softwareMatch8.2.5.41
ORciscoadaptive_security_appliance_softwareMatch8.2.5.46
ORciscoadaptive_security_appliance_softwareMatch8.2.5.48
ORciscoadaptive_security_appliance_softwareMatch8.2.5.50
ORciscoadaptive_security_appliance_softwareMatch8.3.1
ORciscoadaptive_security_appliance_softwareMatch8.3.1.1
ORciscoadaptive_security_appliance_softwareMatch8.3.1.4
ORciscoadaptive_security_appliance_softwareMatch8.3.1.6
ORciscoadaptive_security_appliance_softwareMatch8.3.2
ORciscoadaptive_security_appliance_softwareMatch8.3.2.4
ORciscoadaptive_security_appliance_softwareMatch8.3.2.13
ORciscoadaptive_security_appliance_softwareMatch8.3.2.23
ORciscoadaptive_security_appliance_softwareMatch8.3.2.25
ORciscoadaptive_security_appliance_softwareMatch8.3.2.31
ORciscoadaptive_security_appliance_softwareMatch8.3.2.33
ORciscoadaptive_security_appliance_softwareMatch8.3.2.34
ORciscoadaptive_security_appliance_softwareMatch8.3.2.37
ORciscoadaptive_security_appliance_softwareMatch8.3.2.39
ORciscoadaptive_security_appliance_softwareMatch8.3.2.40
ORciscoadaptive_security_appliance_softwareMatch8.3.2.41
ORciscoadaptive_security_appliance_softwareMatch8.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.1.3
ORciscoadaptive_security_appliance_softwareMatch8.4.1.11
ORciscoadaptive_security_appliance_softwareMatch8.4.2
ORciscoadaptive_security_appliance_softwareMatch8.4.2.1
ORciscoadaptive_security_appliance_softwareMatch8.4.2.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.3.8
ORciscoadaptive_security_appliance_softwareMatch8.4.3.9
ORciscoadaptive_security_appliance_softwareMatch8.4.4
ORciscoadaptive_security_appliance_softwareMatch8.4.4.1
ORciscoadaptive_security_appliance_softwareMatch8.4.4.3
ORciscoadaptive_security_appliance_softwareMatch8.4.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.4.9
ORciscoadaptive_security_appliance_softwareMatch8.4.5
ORciscoadaptive_security_appliance_softwareMatch8.4.5.6
ORciscoadaptive_security_appliance_softwareMatch8.4.6
ORciscoadaptive_security_appliance_softwareMatch8.4.7
ORciscoadaptive_security_appliance_softwareMatch8.4.7.3
ORciscoadaptive_security_appliance_softwareMatch8.4.7.15
ORciscoadaptive_security_appliance_softwareMatch8.4.7.22
ORciscoadaptive_security_appliance_softwareMatch8.7.1
ORciscoadaptive_security_appliance_softwareMatch8.7.1.3
ORciscoadaptive_security_appliance_softwareMatch8.7.1.4
ORciscoadaptive_security_appliance_softwareMatch8.7.1.7
ORciscoadaptive_security_appliance_softwareMatch8.7.1.11
ORciscoadaptive_security_appliance_softwareMatch8.7.1.13
Related
nvd
nvd
CVE-2014-3391
2014-10-10 10:55:06
openvas
openvas
Cisco ASA Local Path Inclusion Vulnerability (cisco-sa-20141008-asa)
2015-03-13 00:00:00
cisco
cisco
Cisco ASA Local Path Inclusion Vulnerability
2014-10-08 16:09:54
Multiple Vulnerabilities in Cisco ASA Software
2014-10-08 16:00:00
cvelist
cvelist
CVE-2014-3391
2014-10-10 10:00:00
prion
prion
Design/Logic Flaw
2014-10-10 10:55:00
securityvulns
securityvulns
Cisco ASA multiple DoS vulnerabilities
2014-10-13 00:00:00
Cisco ASA multiple security vulnerabilities
2015-07-14 00:00:00
nessus
nessus
Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20141008-asa)
2014-10-10 00:00:00
6.5 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.6%
Related for CVE-2014-3391