CVE-2014-2195

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-2195
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195 Vendor Advisory
http://www.securitytracker.com/id/1030258 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:asyncos:-:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*
Information

Published : 2014-05-20 04:13

Updated : 2018-10-30 09:27

NVD link : CVE-2014-2195

Mitre link : CVE-2014-2195

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

cisco

  • content_security_management_appliance
  • asyncos
  • email_security_appliance_firmware