CVE-2014-0739

Cisco Adaptive Security Appliance Software - Authentication Bypass

Title source: rule

Description

Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739

[Vendor Advisory] http://tools.cisco.com/security/center/viewAlert.x?alertId=32955

Scores

EPSS 0.0018

EPSS Percentile 39.9%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

cisco/adaptive_security_appliance_software

Timeline

Published Feb 22, 2014

Tracked Since Feb 18, 2026