CVE-2014-3389
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
55.6%
The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | asa | 7.2.5 | cpe:2.3:a:cisco:asa:7.2.5:*:*:*:*:*:*:* |
| cisco | asa | 7.2.5.10 | cpe:2.3:a:cisco:asa:7.2.5.10:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5 | cpe:2.3:a:cisco:asa:8.2.5:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5.13 | cpe:2.3:a:cisco:asa:8.2.5.13:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5.22 | cpe:2.3:a:cisco:asa:8.2.5.22:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5.26 | cpe:2.3:a:cisco:asa:8.2.5.26:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5.33 | cpe:2.3:a:cisco:asa:8.2.5.33:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5.41 | cpe:2.3:a:cisco:asa:8.2.5.41:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5.46 | cpe:2.3:a:cisco:asa:8.2.5.46:*:*:*:*:*:*:* |
| cisco | asa | 8.2.5.48 | cpe:2.3:a:cisco:asa:8.2.5.48:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
55.6%