CVE-2014-2127

Опубликовано: 10 апр. 2014

Источник: nvd

CVSS2: 8.5

EPSS Средний

Описание

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3\(1\):*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*

cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.295

Средний

8.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-9pjc-88j6-6ww4

github

больше 3 лет назад

BDU:2015-00129

fstec

почти 12 лет назад

Уязвимость программного обеспечения Cisco ASA, позволяющая злоумышленнику повысить свои привилегии