5
CVSSv2

CVE-2014-3398

Published: 05/10/2014 Updated: 06/10/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote malicious users to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.

Affected Products

Vendor Advisories

A vulnerability in the SSL VPN code of Cisco ASA Software could allow an unauthenticated, remote attacker to obtain information about the Cisco ASA Software version This information could be used for reconnaissance attacks The vulnerability is due to verbose output returned when a specific URL is submitted to the affected system An attacker co ...