Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2014-3393 | First vendor Publication | 2014-10-10 |
Vendor | Cve | Last vendor Modification | 2023-08-15 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3393 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Cisco ASA WebVPN directory traversal attempt RuleID : 32108 - Revision : 2 - Type : SERVER-WEBAPP |
2014-11-16 | Cisco ASA WebVPN directory traversal attempt RuleID : 32107 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-10-30 | Name : The remote device is affected by a man-in-the-middle (MitM) information discl... File : cisco-sa-20141015-poodle-asa.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20141008-asa.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
CISCO | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa... |
Alert History
Date | Informations |
---|---|
2023-08-15 21:28:39 |
|
2023-08-12 05:28:56 |
|
2022-05-23 21:27:45 |
|
2021-05-04 12:31:17 |
|
2021-04-22 01:38:45 |
|
2020-05-23 00:41:00 |
|
2014-11-16 21:25:05 |
|
2014-10-14 05:26:42 |
|
2014-10-11 13:26:23 |
|
2014-10-10 17:24:25 |
|