CVE-2014-3393

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
ciscoadaptive_security_appliance_software
8.2
ciscoadaptive_security_appliance_software
8.2.0.45
ciscoadaptive_security_appliance_software
8.2.1
ciscoadaptive_security_appliance_software
8.2.1.1
ciscoadaptive_security_appliance_software
8.2.2
ciscoadaptive_security_appliance_software
8.2.2.10
ciscoadaptive_security_appliance_software
8.2.2.12
ciscoadaptive_security_appliance_software
8.2.2.16
ciscoadaptive_security_appliance_software
8.2.2.17
ciscoadaptive_security_appliance_software
8.2.3
ciscoadaptive_security_appliance_software
8.2.4
ciscoadaptive_security_appliance_software
8.2.4.1
ciscoadaptive_security_appliance_software
8.2.4.4
ciscoadaptive_security_appliance_software
8.2.5
ciscoadaptive_security_appliance_software
8.2.5.13
ciscoadaptive_security_appliance_software
8.2.5.22
ciscoadaptive_security_appliance_software
8.2.5.26
ciscoadaptive_security_appliance_software
8.2.5.33
ciscoadaptive_security_appliance_software
8.2.5.40
ciscoadaptive_security_appliance_software
8.2.5.41
ciscoadaptive_security_appliance_software
8.2.5.46
ciscoadaptive_security_appliance_software
8.2.5.48
ciscoadaptive_security_appliance_software
8.2.5.50
ciscoadaptive_security_appliance_software
8.3
ciscoadaptive_security_appliance_software
8.3.1
ciscoadaptive_security_appliance_software
8.3.1.1
ciscoadaptive_security_appliance_software
8.3.1.4
ciscoadaptive_security_appliance_software
8.3.1.6
ciscoadaptive_security_appliance_software
8.3.2
ciscoadaptive_security_appliance_software
8.3.2.4
ciscoadaptive_security_appliance_software
8.3.2.13
ciscoadaptive_security_appliance_software
8.3.2.23
ciscoadaptive_security_appliance_software
8.3.2.25
ciscoadaptive_security_appliance_software
8.3.2.31
ciscoadaptive_security_appliance_software
8.3.2.33
ciscoadaptive_security_appliance_software
8.3.2.34
ciscoadaptive_security_appliance_software
8.3.2.37
ciscoadaptive_security_appliance_software
8.3.2.39
ciscoadaptive_security_appliance_software
8.3.2.40
ciscoadaptive_security_appliance_software
8.3.2.41
ciscoadaptive_security_appliance_software
8.4
ciscoadaptive_security_appliance_software
8.4.1
ciscoadaptive_security_appliance_software
8.4.1.3
ciscoadaptive_security_appliance_software
8.4.1.11
ciscoadaptive_security_appliance_software
8.4.2
ciscoadaptive_security_appliance_software
8.4.2.1
ciscoadaptive_security_appliance_software
8.4.2.8
ciscoadaptive_security_appliance_software
8.4.3
ciscoadaptive_security_appliance_software
8.4.3.8
ciscoadaptive_security_appliance_software
8.4.3.9
ciscoadaptive_security_appliance_software
8.4.4
ciscoadaptive_security_appliance_software
8.4.4.1
ciscoadaptive_security_appliance_software
8.4.4.3
ciscoadaptive_security_appliance_software
8.4.4.5
ciscoadaptive_security_appliance_software
8.4.4.9
ciscoadaptive_security_appliance_software
8.4.5
ciscoadaptive_security_appliance_software
8.4.5.6
ciscoadaptive_security_appliance_software
8.4.6
ciscoadaptive_security_appliance_software
8.4.7
ciscoadaptive_security_appliance_software
8.4.7.3
ciscoadaptive_security_appliance_software
8.4.7.15
ciscoadaptive_security_appliance_software
8.4.7.22
ciscoadaptive_security_appliance_software
8.6
ciscoadaptive_security_appliance_software
8.6.1
ciscoadaptive_security_appliance_software
8.6.1.1
ciscoadaptive_security_appliance_software
8.6.1.2
ciscoadaptive_security_appliance_software
8.6.1.5
ciscoadaptive_security_appliance_software
8.6.1.10
ciscoadaptive_security_appliance_software
8.6.1.12
ciscoadaptive_security_appliance_software
8.6.1.13
ciscoadaptive_security_appliance_software
8.6.1.14
ciscoadaptive_security_appliance_software
9.0
ciscoadaptive_security_appliance_software
9.0.1
ciscoadaptive_security_appliance_software
9.0.2
ciscoadaptive_security_appliance_software
9.0.2.10
ciscoadaptive_security_appliance_software
9.0.3
ciscoadaptive_security_appliance_software
9.0.3.6
ciscoadaptive_security_appliance_software
9.0.3.8
ciscoadaptive_security_appliance_software
9.0.4
ciscoadaptive_security_appliance_software
9.0.4.1
ciscoadaptive_security_appliance_software
9.0.4.5
ciscoadaptive_security_appliance_software
9.0.4.7
ciscoadaptive_security_appliance_software
9.0.4.17
ciscoadaptive_security_appliance_software
9.0.4.20
ciscoadaptive_security_appliance_software
9.0.4.24
ciscoadaptive_security_appliance_software
9.1
ciscoadaptive_security_appliance_software
9.1.1
ciscoadaptive_security_appliance_software
9.1.1.4
ciscoadaptive_security_appliance_software
9.1.2
ciscoadaptive_security_appliance_software
9.1.2.8
ciscoadaptive_security_appliance_software
9.1.3
ciscoadaptive_security_appliance_software
9.1.3.2
ciscoadaptive_security_appliance_software
9.1.4
ciscoadaptive_security_appliance_software
9.1.5
ciscoadaptive_security_appliance_software
9.1.5.10
ciscoadaptive_security_appliance_software
9.1.5.12
ciscoadaptive_security_appliance_software
9.1.5.15
ciscoadaptive_security_appliance_software
9.2.0
ciscoadaptive_security_appliance_software
9.2.1
ciscoadaptive_security_appliance_software
9.2.2
ciscoadaptive_security_appliance_software
9.2.2.4
ciscoadaptive_security_appliance_software
9.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa