What is the severity of CVE-2014-3382?

CVE-2014-3382 has a high severity rating due to its potential to cause a denial of service.

How do I fix CVE-2014-3382?

To mitigate CVE-2014-3382, upgrade Cisco ASA Software to a version that is 7.2(5.13), 8.2(5.50), 8.3(2.42), 8.4(7.15), 8.5(1.21), 8.6(1.14), 8.7(1.13), 9.0(4.5), or 9.1(5.1) or later.

Which versions of Cisco ASA Software are affected by CVE-2014-3382?

CVE-2014-3382 affects multiple versions including 7.2, 8.2 up to 8.2(5.41), 8.3, 8.4, 8.5, 8.6, 8.7, and 9.0, 9.1 before their respective fixed releases.

Is CVE-2014-3382 exploitable remotely?

Yes, CVE-2014-3382 can be exploited remotely by attackers to cause service disruption.

What type of vulnerability is CVE-2014-3382?

CVE-2014-3382 is classified as a denial of service vulnerability in the SQL*Net inspection engine of Cisco ASA Software.

Vulnerability/
CVE-2014-3382

high

7.8

CWE

10/10/2014

6/8/2024

CVE-2014-3382: SQL Injection

First published: Fri Oct 10 2014(Updated: )

The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco ASA Software	=7.2.5
Cisco ASA Software	=7.2.5.10
Cisco ASA Software	=8.2.5
Cisco ASA Software	=8.2.5.13
Cisco ASA Software	=8.2.5.22
Cisco ASA Software	=8.2.5.26
Cisco ASA Software	=8.2.5.33
Cisco ASA Software	=8.2.5.41
Cisco ASA Software	=8.2.5.46
Cisco ASA Software	=8.2.5.48
Cisco ASA Software	=8.2.5.49
Cisco ASA Software	=8.3
Cisco ASA Software	=8.3.2.25
Cisco ASA Software	=8.4
Cisco ASA Software	=8.4.1
Cisco ASA Software	=8.4.2
Cisco ASA Software	=8.4.3
Cisco ASA Software	=8.4.4
Cisco ASA Software	=8.4.5
Cisco ASA Software	=8.4.6
Cisco ASA Software	=8.4.7
Cisco ASA Software	=8.5
Cisco ASA Software	=8.5.1.6
Cisco ASA Software	=8.6
Cisco ASA Software	=8.7
Cisco ASA Software	=9.0
Cisco ASA Software	=9.1

Never miss a vulnerability like this again

Reference Links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Frequently Asked Questions

What is the severity of CVE-2014-3382?
CVE-2014-3382 has a high severity rating due to its potential to cause a denial of service.
How do I fix CVE-2014-3382?
To mitigate CVE-2014-3382, upgrade Cisco ASA Software to a version that is 7.2(5.13), 8.2(5.50), 8.3(2.42), 8.4(7.15), 8.5(1.21), 8.6(1.14), 8.7(1.13), 9.0(4.5), or 9.1(5.1) or later.
Which versions of Cisco ASA Software are affected by CVE-2014-3382?
CVE-2014-3382 affects multiple versions including 7.2, 8.2 up to 8.2(5.41), 8.3, 8.4, 8.5, 8.6, 8.7, and 9.0, 9.1 before their respective fixed releases.
Is CVE-2014-3382 exploitable remotely?
Yes, CVE-2014-3382 can be exploited remotely by attackers to cause service disruption.
What type of vulnerability is CVE-2014-3382?
CVE-2014-3382 is classified as a denial of service vulnerability in the SQL*Net inspection engine of Cisco ASA Software.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/references
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco asa software
version/cisco asa software/7.2.5
version/cisco asa software/7.2.5.10
version/cisco asa software/8.2.5
version/cisco asa software/8.2.5.13
version/cisco asa software/8.2.5.22
version/cisco asa software/8.2.5.26
version/cisco asa software/8.2.5.33
version/cisco asa software/8.2.5.41
version/cisco asa software/8.2.5.46
version/cisco asa software/8.2.5.48
version/cisco asa software/8.2.5.49
version/cisco asa software/8.3
version/cisco asa software/8.3.2.25
version/cisco asa software/8.4
version/cisco asa software/8.4.1
version/cisco asa software/8.4.2
version/cisco asa software/8.4.3
version/cisco asa software/8.4.4
version/cisco asa software/8.4.5
version/cisco asa software/8.4.6
version/cisco asa software/8.4.7
version/cisco asa software/8.5
version/cisco asa software/8.5.1.6
version/cisco asa software/8.6
version/cisco asa software/8.7
version/cisco asa software/9.0
version/cisco asa software/9.1