VAR-201410-0077
Vulnerability from variot - Updated: 2023-12-18 13:53

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574. A local attacker who already holds administrative privileges on the device can exploit this issue to gain root privileges on the underlying Linux system. Cisco tracks this issue as Bug IDs CSCuq41510 and CSCuq47574. Cisco ASA (Adaptive Security Appliance) is Cisco's line of firewall appliances; the devices also provide IPS (Intrusion Prevention System), SSL VPN, IPsec VPN, anti-spam, and other functions. The vulnerability is caused by the software not adequately validating user-supplied input. The following versions are affected: Cisco ASA Software 8.7 prior to 8.7(1.14), 9.2 prior to 9.2(2.8), and 9.3 prior to 9.3(1.1).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.2.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.7.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.2.2.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.7.1.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.7.1.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.7.1.13"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.7.1.11"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.7.1.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3.1.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.7.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7(1.14)"
},
{
"model": "adaptive security appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.3(1.1)"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.2(2.8)"
},
{
"model": "adaptive security appliance software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3390"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "70296"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3390",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3390",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "VHN-71330",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3390",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71330",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71330"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574. \nA local attacker can exploit this issue to gain root privileges. \nThis issue is being tracked by Cisco Bug IDs CSCuq41510 and CSCuq47574. Cisco ASA is a set of firewall equipment of Cisco (Cisco). The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program not adequately filtering the input submitted by the user. The following versions are affected: Cisco ASA Software 8.7 prior to 8.7(1.14), 9.2 prior to 9.2(2.8), 9.3 prior to 9.3(1.1)",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"db": "BID",
"id": "70296"
},
{
"db": "VULHUB",
"id": "VHN-71330"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3390",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004664",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-213",
"trust": 0.7
},
{
"db": "BID",
"id": "70296",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71330",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71330"
},
{
"db": "BID",
"id": "70296"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
]
},
"id": "VAR-201410-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71330"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:21.340000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20141008-asa",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-asa"
},
{
"title": "35913",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35913"
},
{
"title": "cisco-sa-20141008-asa",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/112/1126/1126286_cisco-sa-20141008-asa-j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71330"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"db": "NVD",
"id": "CVE-2014-3390"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141008-asa"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3390"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3390"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps12726/index.html"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35913"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71330"
},
{
"db": "BID",
"id": "70296"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71330"
},
{
"db": "BID",
"id": "70296"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-71330"
},
{
"date": "2014-10-08T00:00:00",
"db": "BID",
"id": "70296"
},
{
"date": "2014-10-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"date": "2014-10-10T10:55:06.507000",
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-71330"
},
{
"date": "2014-10-08T00:00:00",
"db": "BID",
"id": "70296"
},
{
"date": "2014-10-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004664"
},
{
"date": "2023-08-15T14:52:02.310000",
"db": "NVD",
"id": "CVE-2014-3390"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "70296"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASA Software Virtual Network Management Center In policy implementation Linux of root Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004664"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-213"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.