CVE-2014-3394

Cisco Adaptive Security Appliance Software - Improper Certificate Validation in Smart Call Home

Title source: llm

Description

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Scores

EPSS 0.0100

EPSS Percentile 58.2%

Details

CWE

CWE-295

Status published

Products (50)

cisco/adaptive_security_appliance_software 8.2.0.45

cisco/adaptive_security_appliance_software 8.2.1

cisco/adaptive_security_appliance_software 8.2.1.1

cisco/adaptive_security_appliance_software 8.2.2

cisco/adaptive_security_appliance_software 8.2.2.10

cisco/adaptive_security_appliance_software 8.2.2.12

cisco/adaptive_security_appliance_software 8.2.2.16

cisco/adaptive_security_appliance_software 8.2.2.17

cisco/adaptive_security_appliance_software 8.2.3

cisco/adaptive_security_appliance_software 8.2.4

... and 40 more

Published Oct 10, 2014

Tracked Since Feb 18, 2026