CVE-2014-3390

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.11:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.13:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.2.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.3:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.7:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1:::::::*

Information

Published : 2014-10-10 03:55

Updated : 2014-10-13 11:48

NVD link : CVE-2014-3390

Mitre link : CVE-2014-3390

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

cisco

adaptive_security_appliance_software

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa", "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", "tags": ["Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3390", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-10-10T10:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-10-13T18:48Z"}

6.8 /10