CVE-2014-2127

Опубликовано: 10 апр. 2014

Источник: nvd

CVSS2: 8.5

EPSS Средний

Описание

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3\(1\):*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.30946

Средний

8.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-9pjc-88j6-6ww4

github

около 3 лет назад

BDU:2015-00129

fstec

больше 11 лет назад

Уязвимость программного обеспечения Cisco ASA, позволяющая злоумышленнику повысить свои привилегии