2
CVSSv3

CVE-2014-0739

Published: 22/02/2014 Updated: 21/11/2024

Vulnerability Summary

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and previous versions allows remote malicious users to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco adaptive security appliance software 9.1(3)

Vendor Advisories

A vulnerability in the TFTP request function of the Phone Proxy feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to pass traffic from an untrusted phone through the ASA The vulnerability is due to a limitation in processing the TFTP request for a configuration file An attacker could exploit t ...