Published: 07/10/2014 Updated: 02/06/2022

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and previous versions does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco adaptive security appliance software

A vulnerability in the SSL VPN code of Cisco ASA Software could allow an authenticated, remote attacker to overwrite arbitrary files present on the RAMFS file system or inject Lua scripts The vulnerability is due to insufficient validation of the code that handles session information for the SSL VPN when a SharePoint handler is created A SharePo ...

CWE-94 http://tools.cisco.com/security/center/viewAlert.x?alertId=35989 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3399 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141006-CVE-2014-3399

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3399

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect