CVE-2014-3393

EXPLOITED

Cisco Adaptive Security Appliance Software - Authentication Bypass

Title source: rule

Description

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.

References (1)

Scores

EPSS 0.0078
EPSS Percentile 73.5%

Exploitation Intel

VulnCheck KEV 2016-09-28

Classification

CWE
CWE-287
Status draft

Affected Products (50)

cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
cisco/adaptive_security_appliance_software
... and 35 more

Timeline

Published Oct 10, 2014
Tracked Since Feb 18, 2026