Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-10-10 03:55
Updated : 2014-10-13 15:53
NVD link : CVE-2014-3391
Mitre link : CVE-2014-3391
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
cisco
- adaptive_security_appliance_software