CVE-2014-3399

Published: Oct 7, 2014Modified: May 6, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208.

Affected (1)

Products: Cisco: Adaptive Security Appliance Software

1 product

Adaptive Security Appliance Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Adaptive Security Appliance Software	Up to 9.2\(2.4\)

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3399

Source: psirt@cisco.com

Broken LinkVendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=35989

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3399

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=35989

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.