CVE-2014-2195

Cisco AsyncOS - Privilege Escalation

Title source: llm
STIX 2.1

Description

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030258

Scores

EPSS 0.0125
EPSS Percentile 65.8%

Details

CWE
CWE-20
Status published
Products (3)
cisco/asyncos
cisco/content_security_management_appliance
cisco/email_security_appliance_firmware
Published May 20, 2014
Tracked Since Feb 18, 2026