CVE Vulnerabilities

CVE-2014-3393

Improper Authentication

Published: Oct 10, 2014 | Modified: Aug 15, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Adaptive_security_appliance_software Cisco 8.2 (including) 8.2 (including)
Adaptive_security_appliance_software Cisco 8.2.0.45 (including) 8.2.0.45 (including)
Adaptive_security_appliance_software Cisco 8.2.1 (including) 8.2.1 (including)
Adaptive_security_appliance_software Cisco 8.2.1.1 (including) 8.2.1.1 (including)
Adaptive_security_appliance_software Cisco 8.2.2 (including) 8.2.2 (including)
Adaptive_security_appliance_software Cisco 8.2.2.10 (including) 8.2.2.10 (including)
Adaptive_security_appliance_software Cisco 8.2.2.12 (including) 8.2.2.12 (including)
Adaptive_security_appliance_software Cisco 8.2.2.16 (including) 8.2.2.16 (including)
Adaptive_security_appliance_software Cisco 8.2.2.17 (including) 8.2.2.17 (including)
Adaptive_security_appliance_software Cisco 8.2.3 (including) 8.2.3 (including)
Adaptive_security_appliance_software Cisco 8.2.4 (including) 8.2.4 (including)
Adaptive_security_appliance_software Cisco 8.2.4.1 (including) 8.2.4.1 (including)
Adaptive_security_appliance_software Cisco 8.2.4.4 (including) 8.2.4.4 (including)
Adaptive_security_appliance_software Cisco 8.2.5 (including) 8.2.5 (including)
Adaptive_security_appliance_software Cisco 8.2.5.13 (including) 8.2.5.13 (including)
Adaptive_security_appliance_software Cisco 8.2.5.22 (including) 8.2.5.22 (including)
Adaptive_security_appliance_software Cisco 8.2.5.26 (including) 8.2.5.26 (including)
Adaptive_security_appliance_software Cisco 8.2.5.33 (including) 8.2.5.33 (including)
Adaptive_security_appliance_software Cisco 8.2.5.40 (including) 8.2.5.40 (including)
Adaptive_security_appliance_software Cisco 8.2.5.41 (including) 8.2.5.41 (including)
Adaptive_security_appliance_software Cisco 8.2.5.46 (including) 8.2.5.46 (including)
Adaptive_security_appliance_software Cisco 8.2.5.48 (including) 8.2.5.48 (including)
Adaptive_security_appliance_software Cisco 8.2.5.50 (including) 8.2.5.50 (including)
Adaptive_security_appliance_software Cisco 8.3 (including) 8.3 (including)
Adaptive_security_appliance_software Cisco 8.3.1 (including) 8.3.1 (including)
Adaptive_security_appliance_software Cisco 8.3.1.1 (including) 8.3.1.1 (including)
Adaptive_security_appliance_software Cisco 8.3.1.4 (including) 8.3.1.4 (including)
Adaptive_security_appliance_software Cisco 8.3.1.6 (including) 8.3.1.6 (including)
Adaptive_security_appliance_software Cisco 8.3.2 (including) 8.3.2 (including)
Adaptive_security_appliance_software Cisco 8.3.2.4 (including) 8.3.2.4 (including)
Adaptive_security_appliance_software Cisco 8.3.2.13 (including) 8.3.2.13 (including)
Adaptive_security_appliance_software Cisco 8.3.2.23 (including) 8.3.2.23 (including)
Adaptive_security_appliance_software Cisco 8.3.2.25 (including) 8.3.2.25 (including)
Adaptive_security_appliance_software Cisco 8.3.2.31 (including) 8.3.2.31 (including)
Adaptive_security_appliance_software Cisco 8.3.2.33 (including) 8.3.2.33 (including)
Adaptive_security_appliance_software Cisco 8.3.2.34 (including) 8.3.2.34 (including)
Adaptive_security_appliance_software Cisco 8.3.2.37 (including) 8.3.2.37 (including)
Adaptive_security_appliance_software Cisco 8.3.2.39 (including) 8.3.2.39 (including)
Adaptive_security_appliance_software Cisco 8.3.2.40 (including) 8.3.2.40 (including)
Adaptive_security_appliance_software Cisco 8.3.2.41 (including) 8.3.2.41 (including)
Adaptive_security_appliance_software Cisco 8.4 (including) 8.4 (including)
Adaptive_security_appliance_software Cisco 8.4.1 (including) 8.4.1 (including)
Adaptive_security_appliance_software Cisco 8.4.1.3 (including) 8.4.1.3 (including)
Adaptive_security_appliance_software Cisco 8.4.1.11 (including) 8.4.1.11 (including)
Adaptive_security_appliance_software Cisco 8.4.2 (including) 8.4.2 (including)
Adaptive_security_appliance_software Cisco 8.4.2.1 (including) 8.4.2.1 (including)
Adaptive_security_appliance_software Cisco 8.4.2.8 (including) 8.4.2.8 (including)
Adaptive_security_appliance_software Cisco 8.4.3 (including) 8.4.3 (including)
Adaptive_security_appliance_software Cisco 8.4.3.8 (including) 8.4.3.8 (including)
Adaptive_security_appliance_software Cisco 8.4.3.9 (including) 8.4.3.9 (including)
Adaptive_security_appliance_software Cisco 8.4.4 (including) 8.4.4 (including)
Adaptive_security_appliance_software Cisco 8.4.4.1 (including) 8.4.4.1 (including)
Adaptive_security_appliance_software Cisco 8.4.4.3 (including) 8.4.4.3 (including)
Adaptive_security_appliance_software Cisco 8.4.4.5 (including) 8.4.4.5 (including)
Adaptive_security_appliance_software Cisco 8.4.4.9 (including) 8.4.4.9 (including)
Adaptive_security_appliance_software Cisco 8.4.5 (including) 8.4.5 (including)
Adaptive_security_appliance_software Cisco 8.4.5.6 (including) 8.4.5.6 (including)
Adaptive_security_appliance_software Cisco 8.4.6 (including) 8.4.6 (including)
Adaptive_security_appliance_software Cisco 8.4.7 (including) 8.4.7 (including)
Adaptive_security_appliance_software Cisco 8.4.7.3 (including) 8.4.7.3 (including)
Adaptive_security_appliance_software Cisco 8.4.7.15 (including) 8.4.7.15 (including)
Adaptive_security_appliance_software Cisco 8.4.7.22 (including) 8.4.7.22 (including)
Adaptive_security_appliance_software Cisco 8.6 (including) 8.6 (including)
Adaptive_security_appliance_software Cisco 8.6.1 (including) 8.6.1 (including)
Adaptive_security_appliance_software Cisco 8.6.1.1 (including) 8.6.1.1 (including)
Adaptive_security_appliance_software Cisco 8.6.1.2 (including) 8.6.1.2 (including)
Adaptive_security_appliance_software Cisco 8.6.1.5 (including) 8.6.1.5 (including)
Adaptive_security_appliance_software Cisco 8.6.1.10 (including) 8.6.1.10 (including)
Adaptive_security_appliance_software Cisco 8.6.1.12 (including) 8.6.1.12 (including)
Adaptive_security_appliance_software Cisco 8.6.1.13 (including) 8.6.1.13 (including)
Adaptive_security_appliance_software Cisco 8.6.1.14 (including) 8.6.1.14 (including)
Adaptive_security_appliance_software Cisco 9.0 (including) 9.0 (including)
Adaptive_security_appliance_software Cisco 9.0.1 (including) 9.0.1 (including)
Adaptive_security_appliance_software Cisco 9.0.2 (including) 9.0.2 (including)
Adaptive_security_appliance_software Cisco 9.0.2.10 (including) 9.0.2.10 (including)
Adaptive_security_appliance_software Cisco 9.0.3 (including) 9.0.3 (including)
Adaptive_security_appliance_software Cisco 9.0.3.6 (including) 9.0.3.6 (including)
Adaptive_security_appliance_software Cisco 9.0.3.8 (including) 9.0.3.8 (including)
Adaptive_security_appliance_software Cisco 9.0.4 (including) 9.0.4 (including)
Adaptive_security_appliance_software Cisco 9.0.4.1 (including) 9.0.4.1 (including)
Adaptive_security_appliance_software Cisco 9.0.4.5 (including) 9.0.4.5 (including)
Adaptive_security_appliance_software Cisco 9.0.4.7 (including) 9.0.4.7 (including)
Adaptive_security_appliance_software Cisco 9.0.4.17 (including) 9.0.4.17 (including)
Adaptive_security_appliance_software Cisco 9.0.4.20 (including) 9.0.4.20 (including)
Adaptive_security_appliance_software Cisco 9.0.4.24 (including) 9.0.4.24 (including)
Adaptive_security_appliance_software Cisco 9.1 (including) 9.1 (including)
Adaptive_security_appliance_software Cisco 9.1.1 (including) 9.1.1 (including)
Adaptive_security_appliance_software Cisco 9.1.1.4 (including) 9.1.1.4 (including)
Adaptive_security_appliance_software Cisco 9.1.2 (including) 9.1.2 (including)
Adaptive_security_appliance_software Cisco 9.1.2.8 (including) 9.1.2.8 (including)
Adaptive_security_appliance_software Cisco 9.1.3 (including) 9.1.3 (including)
Adaptive_security_appliance_software Cisco 9.1.3.2 (including) 9.1.3.2 (including)
Adaptive_security_appliance_software Cisco 9.1.4 (including) 9.1.4 (including)
Adaptive_security_appliance_software Cisco 9.1.5 (including) 9.1.5 (including)
Adaptive_security_appliance_software Cisco 9.1.5.10 (including) 9.1.5.10 (including)
Adaptive_security_appliance_software Cisco 9.1.5.12 (including) 9.1.5.12 (including)
Adaptive_security_appliance_software Cisco 9.1.5.15 (including) 9.1.5.15 (including)
Adaptive_security_appliance_software Cisco 9.2.0 (including) 9.2.0 (including)
Adaptive_security_appliance_software Cisco 9.2.1 (including) 9.2.1 (including)
Adaptive_security_appliance_software Cisco 9.2.2 (including) 9.2.2 (including)
Adaptive_security_appliance_software Cisco 9.2.2.4 (including) 9.2.2.4 (including)
Adaptive_security_appliance_software Cisco 9.2.3 (including) 9.2.3 (including)

Potential Mitigations

References