HomePentest-Tools.com Logo

Cisco ASA VNMC Command Input Validation Vulnerability (cisco-sa-20141008-asa) CVE-2014-3390

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

A vulnerability in the Virtual Network Management Center (VNMC) policy code of Cisco ASA Software could allow an authenticated, local attacker to access the underlying Linux operating system with the privileges of the root user.

Risk description

The vulnerability is due to insufficient sanitization of user supplied input. An attacker could exploit this vulnerability by logging in to an affected system as administrator, copying a malicious script onto the disk, and executing the script. An authenticated, local attacker could exploit this vulnerability by supplying malicious input to the affected scripts. If successful, the attacker could run arbitrary commands on the underlying operating system with the privileges of the root user, resulting in a complete system compromise.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 10, 2014
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available