CVE-2014-2127: Input Validation
First published: Thu Apr 10 2014(Updated: )
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance | =8.0 | |
| Cisco Adaptive Security Appliance | =8.1 | |
| Cisco Adaptive Security Appliance | =8.2 | |
| Cisco Adaptive Security Appliance | =8.3\(1\) | |
| Cisco Adaptive Security Appliance | =8.4 | |
| Cisco Adaptive Security Appliance | =8.6 | |
| Cisco Adaptive Security Appliance | =9.0 | |
| Cisco Adaptive Security Appliance | =9.1 | |
| Cisco Adaptive Security Appliance Software | =8.0 | |
| Cisco Adaptive Security Appliance Software | =8.1 | |
| Cisco Adaptive Security Appliance Software | =8.2 | |
| Cisco Adaptive Security Appliance Software | =8.3\(1\) | |
| Cisco Adaptive Security Appliance Software | =8.4 | |
| Cisco Adaptive Security Appliance Software | =8.6 | |
| Cisco Adaptive Security Appliance Software | =9.0 | |
| Cisco Adaptive Security Appliance Software | =9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2127?
The severity of CVE-2014-2127 is classified as high due to improper privilege validation leading to potential unauthorized access.
Which versions are affected by CVE-2014-2127?
CVE-2014-2127 affects Cisco Adaptive Security Appliance Software versions 8.0 through 9.1 up to specific patch levels.
How do I fix CVE-2014-2127?
To fix CVE-2014-2127, upgrade to a patched version of Cisco Adaptive Security Appliance Software as recommended by Cisco.
What are the potential impacts of CVE-2014-2127?
The potential impacts of CVE-2014-2127 include unauthorized users gaining access to the SSL VPN portal and management functionality.
Is there a workaround for CVE-2014-2127?
There are no known workarounds for CVE-2014-2127, and upgrading to a fixed version is the recommended approach.
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco adaptive security appliance
- version/cisco adaptive security appliance/8.0
- version/cisco adaptive security appliance/8.1
- version/cisco adaptive security appliance/8.2
- version/cisco adaptive security appliance/8.3\(1\)
- version/cisco adaptive security appliance/8.4
- version/cisco adaptive security appliance/8.6
- version/cisco adaptive security appliance/9.0
- version/cisco adaptive security appliance/9.1
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/8.0
- version/cisco adaptive security appliance software/8.1
- version/cisco adaptive security appliance software/8.2
- version/cisco adaptive security appliance software/8.3\(1\)
- version/cisco adaptive security appliance software/8.4
- version/cisco adaptive security appliance software/8.6
- version/cisco adaptive security appliance software/9.0
- version/cisco adaptive security appliance software/9.1