CVE-2014-2127
Published Apr 10, 2014
Last updated a year ago
Overview
- Description
- Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 10
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AFE6E41-E5C3-48AA-A534-A1AF3E86E3F0"
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2185ED62-166C-4F43-ACA2-C1EF43C48D47"
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "785388F5-E76A-4762-B498-35F69CE537AA"
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3\\(1\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31BA0ED9-6962-4E19-89A1-1724AADEC669"
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A914DE5-2269-451A-823A-B26AE1A7F980"
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BFCE154-6582-49E2-9B9D-641986B7D653"
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F995B807-32A2-401F-99D5-FBBA8B69E844"
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B64230D9-75E1-40C0-8889-43F1035F5B60"
}
],
"operator": "OR"
}
]
}
]