Published: 22/02/2014 Updated: 15/08/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Adaptive Security Appliance Software

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and previous versions allows remote malicious users to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco adaptive security appliance software 9.1\\(3\\)

A vulnerability in the TFTP request function of the Phone Proxy feature of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to pass traffic from an untrusted phone through the ASA The vulnerability is due to a limitation in processing the TFTP request for a configuration file An attacker could exploit t ...

CWE-287 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739 http://tools.cisco.com/security/center/viewAlert.x?alertId=32955 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140221-CVE-2014-0739

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-0739

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect