Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-04-09 21:34
Updated : 2014-04-10 11:09
NVD link : CVE-2014-2127
Mitre link : CVE-2014-2127
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
cisco
- adaptive_security_appliance_software