Description
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030258
Scores
EPSS
0.0125
EPSS Percentile
65.8%
Details
CWE
CWE-20
Status
published
Products (3)
cisco/asyncos
cisco/content_security_management_appliance
cisco/email_security_appliance_firmware
Published
May 20, 2014
Tracked Since
Feb 18, 2026