CVE-2014-0739
Cisco Adaptive Security Appliance Software 9.1(.3) - Unauthenticated Authentication Bypass via Phone Proxy TFTP Request
Title source: llmDescription
Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=32955
Scores
EPSS
0.0115
EPSS Percentile
63.0%
Details
CWE
CWE-287
Status
published
Products (1)
cisco/adaptive_security_appliance_software
9.1\(3\)
Published
Feb 22, 2014
Tracked Since
Feb 18, 2026