Lucene search

K

[email protected]NVD:CVE-2014-3390

HistoryOct 10, 2014 - 10:55 a.m.

CVE-2014-3390

2014-10-1010:55:06

CWE-20

[email protected]

web.nvd.nist.gov

2

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.8%

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.

Affected configurations

NVD

Node

ciscoadaptive_security_appliance_softwareMatch8.7.8

OR

ciscoadaptive_security_appliance_softwareMatch8.7.1

OR

ciscoadaptive_security_appliance_softwareMatch8.7.1.3

OR

ciscoadaptive_security_appliance_softwareMatch8.7.1.4

OR

ciscoadaptive_security_appliance_softwareMatch8.7.1.7

OR

ciscoadaptive_security_appliance_softwareMatch8.7.1.11

OR

ciscoadaptive_security_appliance_softwareMatch8.7.1.13

OR

ciscoadaptive_security_appliance_softwareMatch9.2.1

OR

ciscoadaptive_security_appliance_softwareMatch9.2.2

OR

ciscoadaptive_security_appliance_softwareMatch9.2.2.4

OR

ciscoadaptive_security_appliance_softwareMatch9.3.1

OR

ciscoadaptive_security_appliance_softwareMatch9.3.1.1

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.8%

Related for NVD:CVE-2014-3390

openvas1 cisco2 cve1 prion1 cvelist1 nessus1 securityvulns2