CVE-2014-3393

Published: 10/10/2014 | Updated: 15/08/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 prior to 8.2(5.51), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.23), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.24), 9.1 prior to 9.1(5.12), and 9.2 prior to 9.2(2.4) does not properly implement authentication, which allows remote malicious users to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.

Vulnerable Product

cisco adaptive security appliance software 9.1.1.4

cisco adaptive security appliance software 9.1.4

cisco adaptive security appliance software 8.6.1.12

cisco adaptive security appliance software 9.1.3

cisco adaptive security appliance software 9.1.2

cisco adaptive security appliance software 9.2.3

cisco adaptive security appliance software 9.1.1

cisco adaptive security appliance software 9.1.2.8

cisco adaptive security appliance software 9.1.5.15

cisco adaptive security appliance software 9.1.5.10

cisco adaptive security appliance software 9.2.1

cisco adaptive security appliance software 9.1.5

cisco adaptive security appliance software 9.2.2.4

cisco adaptive security appliance software 9.1.5.12

cisco adaptive security appliance software 9.1.3.2

cisco adaptive security appliance software 9.2.2

cisco adaptive security appliance software 9.2.0

cisco adaptive security appliance software 8.3.2.40

cisco adaptive security appliance software 8.3.1

cisco adaptive security appliance software 8.2.2

cisco adaptive security appliance software 8.3.1.1

cisco adaptive security appliance software 8.3.1.6

cisco adaptive security appliance software 8.2.5.40

cisco adaptive security appliance software 8.2.1

cisco adaptive security appliance software 8.2.2.12

cisco adaptive security appliance software 8.2.5.22

cisco adaptive security appliance software 8.2.5.33

cisco adaptive security appliance software 8.2.5.41

cisco adaptive security appliance software 8.2.4.4

cisco adaptive security appliance software 8.2.2.10

cisco adaptive security appliance software 8.3.2.37

cisco adaptive security appliance software 8.3.2.39

cisco adaptive security appliance software 8.2.5.26

cisco adaptive security appliance software 8.3.2

cisco adaptive security appliance software 8.3.2.33

cisco adaptive security appliance software 8.2.4

cisco adaptive security appliance software 8.3.2.41

cisco adaptive security appliance software 8.2.4.1

cisco adaptive security appliance software 8.2.3

cisco adaptive security appliance software 8.3.1.4

cisco adaptive security appliance software 8.3.2.34

cisco adaptive security appliance software 8.2.5.50

cisco adaptive security appliance software 8.2.5

cisco adaptive security appliance software 8.3.2.13

cisco adaptive security appliance software 8.2.5.13

cisco adaptive security appliance software 8.3.2.23

cisco adaptive security appliance software 8.3.2.31

cisco adaptive security appliance software 8.3.2.4

cisco adaptive security appliance software 8.2

cisco adaptive security appliance software 8.2.2.17

cisco adaptive security appliance software 8.2.1.1

cisco adaptive security appliance software 8.2.2.16

cisco adaptive security appliance software 8.3.2.25

cisco adaptive security appliance software 8.2.5.46

cisco adaptive security appliance software 8.2.5.48

cisco adaptive security appliance software 8.2.0.45

cisco adaptive security appliance software 8.3

cisco adaptive security appliance software 8.4.3

cisco adaptive security appliance software 8.4.4.9

cisco adaptive security appliance software 8.4.4

cisco adaptive security appliance software 8.4.1.3

cisco adaptive security appliance software 8.4.1.11

cisco adaptive security appliance software 8.4.7.22

cisco adaptive security appliance software 8.4.2.1

cisco adaptive security appliance software 8.4.4.1

cisco adaptive security appliance software 8.4.7

cisco adaptive security appliance software 8.4.5

cisco adaptive security appliance software 8.4.7.15

cisco adaptive security appliance software 8.4.4.5

cisco adaptive security appliance software 8.4.3.8

cisco adaptive security appliance software 8.4.3.9

cisco adaptive security appliance software 8.4.6

cisco adaptive security appliance software 8.4.5.6

cisco adaptive security appliance software 8.4.7.3

cisco adaptive security appliance software 8.4.4.3

cisco adaptive security appliance software 8.4.2.8

cisco adaptive security appliance software 8.4.1

cisco adaptive security appliance software 8.4

cisco adaptive security appliance software 8.4.2

cisco adaptive security appliance software 8.6.1

cisco adaptive security appliance software 8.6.1.13

cisco adaptive security appliance software 8.6.1.2

cisco adaptive security appliance software 8.6.1.14

cisco adaptive security appliance software 8.6.1.10

cisco adaptive security appliance software 8.6.1.1

cisco adaptive security appliance software 8.6.1.5

cisco adaptive security appliance software 8.6

cisco adaptive security appliance software 9.0.4

cisco adaptive security appliance software 9.0.4.5

cisco adaptive security appliance software 9.0.4.7

cisco adaptive security appliance software 9.0.3.8

cisco adaptive security appliance software 9.0.4.17

cisco adaptive security appliance software 9.0.3.6

cisco adaptive security appliance software 9.0.2.10

cisco adaptive security appliance software 9.0

cisco adaptive security appliance software 9.0.1

cisco adaptive security appliance software 9.0.4.24

cisco adaptive security appliance software 9.0.2

cisco adaptive security appliance software 9.0.4.20

cisco adaptive security appliance software 9.0.3

cisco adaptive security appliance software 9.0.4.1

cisco adaptive security appliance software 9.1

Vendor Advisories

A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting (XSS), and other types of web attacks on the client using the affected system ...

Recent Articles

Hackers now popping Cisco VPN portals
The Register • Darren Pauli • 20 Feb 2015

Customise tool makes screwy GUIs

Crackers are popping customised Cisco virtual private networks, stealing credentials and spraying malware using a flaw reported by Aussie hacker Alec Stuart-Muirk, the company warns. Organisations running the Cisco Clientless SSL VPN portal in customised configurations risk attack if they do not update to versions released 8 October. It's not users' fault their custom rigs are in trouble: Cisco says the flaw (CVE-2014-3393) appeared thanks to improper implementation of authentication checks in t...