The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-04-09 21:34
Updated : 2014-04-10 11:22
NVD link : CVE-2014-2128
Mitre link : CVE-2014-2128
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
cisco
- adaptive_security_appliance_software