CVE-2014-0738

Cisco Adaptive Security Appliance Software - Authentication Bypass

Title source: rule

Description

The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0738

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=32956

Scores

EPSS 0.0010

EPSS Percentile 27.1%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

cisco/adaptive_security_appliance_software

Timeline

Published Feb 22, 2014

Tracked Since Feb 18, 2026