CVE-2014-3393: XSS
First published: Fri Oct 10 2014(Updated: )
The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Appliance | =8.2 | |
| Cisco Adaptive Security Appliance | =8.2.0.45 | |
| Cisco Adaptive Security Appliance | =8.2.1 | |
| Cisco Adaptive Security Appliance | =8.2.1.1 | |
| Cisco Adaptive Security Appliance | =8.2.2 | |
| Cisco Adaptive Security Appliance | =8.2.2.10 | |
| Cisco Adaptive Security Appliance | =8.2.2.12 | |
| Cisco Adaptive Security Appliance | =8.2.2.16 | |
| Cisco Adaptive Security Appliance Software | =8.2.2.17 | |
| Cisco Adaptive Security Appliance Software | =8.2.3 | |
| Cisco Adaptive Security Appliance Software | =8.2.4 | |
| Cisco Adaptive Security Appliance Software | =8.2.4.1 | |
| Cisco Adaptive Security Appliance Software | =8.2.4.4 | |
| Cisco Adaptive Security Appliance Software | =8.2.5 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.13 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.22 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.26 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.33 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.40 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.41 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.46 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.48 | |
| Cisco Adaptive Security Appliance Software | =8.2.5.50 | |
| Cisco Adaptive Security Appliance Software | =8.3 | |
| Cisco Adaptive Security Appliance Software | =8.3.1 | |
| Cisco Adaptive Security Appliance Software | =8.3.1.1 | |
| Cisco Adaptive Security Appliance Software | =8.3.1.4 | |
| Cisco Adaptive Security Appliance Software | =8.3.1.6 | |
| Cisco Adaptive Security Appliance Software | =8.3.2 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.4 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.13 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.23 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.25 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.31 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.33 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.34 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.37 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.39 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.40 | |
| Cisco Adaptive Security Appliance Software | =8.3.2.41 | |
| Cisco Adaptive Security Appliance Software | =8.4 | |
| Cisco Adaptive Security Appliance Software | =8.4.1 | |
| Cisco Adaptive Security Appliance Software | =8.4.1.3 | |
| Cisco Adaptive Security Appliance Software | =8.4.1.11 | |
| Cisco Adaptive Security Appliance Software | =8.4.2 | |
| Cisco Adaptive Security Appliance Software | =8.4.2.1 | |
| Cisco Adaptive Security Appliance Software | =8.4.2.8 | |
| Cisco Adaptive Security Appliance Software | =8.4.3 | |
| Cisco Adaptive Security Appliance Software | =8.4.3.8 | |
| Cisco Adaptive Security Appliance Software | =8.4.3.9 | |
| Cisco Adaptive Security Appliance Software | =8.4.4 | |
| Cisco Adaptive Security Appliance Software | =8.4.4.1 | |
| Cisco Adaptive Security Appliance Software | =8.4.4.3 | |
| Cisco Adaptive Security Appliance Software | =8.4.4.5 | |
| Cisco Adaptive Security Appliance Software | =8.4.4.9 | |
| Cisco Adaptive Security Appliance Software | =8.4.5 | |
| Cisco Adaptive Security Appliance Software | =8.4.5.6 | |
| Cisco Adaptive Security Appliance Software | =8.4.6 | |
| Cisco Adaptive Security Appliance Software | =8.4.7 | |
| Cisco Adaptive Security Appliance Software | =8.4.7.3 | |
| Cisco Adaptive Security Appliance Software | =8.4.7.15 | |
| Cisco Adaptive Security Appliance Software | =8.4.7.22 | |
| Cisco Adaptive Security Appliance Software | =8.6 | |
| Cisco Adaptive Security Appliance Software | =8.6.1 | |
| Cisco Adaptive Security Appliance Software | =8.6.1.1 | |
| Cisco Adaptive Security Appliance Software | =8.6.1.2 | |
| Cisco Adaptive Security Appliance Software | =8.6.1.5 | |
| Cisco Adaptive Security Appliance Software | =8.6.1.10 | |
| Cisco Adaptive Security Appliance Software | =8.6.1.12 | |
| Cisco Adaptive Security Appliance Software | =8.6.1.13 | |
| Cisco Adaptive Security Appliance Software | =8.6.1.14 | |
| Cisco Adaptive Security Appliance Software | =9.0 | |
| Cisco Adaptive Security Appliance Software | =9.0.1 | |
| Cisco Adaptive Security Appliance Software | =9.0.2 | |
| Cisco Adaptive Security Appliance Software | =9.0.2.10 | |
| Cisco Adaptive Security Appliance Software | =9.0.3 | |
| Cisco Adaptive Security Appliance Software | =9.0.3.6 | |
| Cisco Adaptive Security Appliance Software | =9.0.3.8 | |
| Cisco Adaptive Security Appliance Software | =9.0.4 | |
| Cisco Adaptive Security Appliance Software | =9.0.4.1 | |
| Cisco Adaptive Security Appliance Software | =9.0.4.5 | |
| Cisco Adaptive Security Appliance Software | =9.0.4.7 | |
| Cisco Adaptive Security Appliance Software | =9.0.4.17 | |
| Cisco Adaptive Security Appliance Software | =9.0.4.20 | |
| Cisco Adaptive Security Appliance Software | =9.0.4.24 | |
| Cisco Adaptive Security Appliance Software | =9.1 | |
| Cisco Adaptive Security Appliance Software | =9.1.1 | |
| Cisco Adaptive Security Appliance Software | =9.1.1.4 | |
| Cisco Adaptive Security Appliance Software | =9.1.2 | |
| Cisco Adaptive Security Appliance Software | =9.1.2.8 | |
| Cisco Adaptive Security Appliance Software | =9.1.3 | |
| Cisco Adaptive Security Appliance Software | =9.1.3.2 | |
| Cisco Adaptive Security Appliance Software | =9.1.4 | |
| Cisco Adaptive Security Appliance Software | =9.1.5 | |
| Cisco Adaptive Security Appliance Software | =9.1.5.10 | |
| Cisco Adaptive Security Appliance Software | =9.1.5.12 | |
| Cisco Adaptive Security Appliance Software | =9.1.5.15 | |
| Cisco Adaptive Security Appliance Software | =9.2.0 | |
| Cisco Adaptive Security Appliance Software | =9.2.1 | |
| Cisco Adaptive Security Appliance Software | =9.2.2 | |
| Cisco Adaptive Security Appliance Software | =9.2.2.4 | |
| Cisco Adaptive Security Appliance Software | =9.2.3 | |
| Cisco Adaptive Security Appliance Software | =8.2 | |
| Cisco Adaptive Security Appliance Software | =8.2.0.45 | |
| Cisco Adaptive Security Appliance Software | =8.2.1 | |
| Cisco Adaptive Security Appliance Software | =8.2.1.1 | |
| Cisco Adaptive Security Appliance Software | =8.2.2 | |
| Cisco Adaptive Security Appliance Software | =8.2.2.10 | |
| Cisco Adaptive Security Appliance Software | =8.2.2.12 | |
| Cisco Adaptive Security Appliance Software | =8.2.2.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3393?
CVE-2014-3393 has a high severity rating due to improper authentication allowing remote attackers access to the Cisco ASA VPN portal.
How do I fix CVE-2014-3393?
To fix CVE-2014-3393, upgrade your Cisco ASA Software to versions 8.2(5.51) or later, 8.3(2.42) or later, or any versions listed in the advisory.
Which Cisco systems are affected by CVE-2014-3393?
CVE-2014-3393 affects various versions of the Cisco ASA Software, specifically those prior to 8.2(5.51), 8.3(2.42), and other specified versions.
Can CVE-2014-3393 be exploited remotely?
Yes, CVE-2014-3393 can be exploited remotely due to the improper implementations of authentication in the VPN portal.
What should I do if I can't upgrade my Cisco ASA software to fix CVE-2014-3393?
If you cannot upgrade your Cisco ASA software, consider implementing additional security measures such as access controls or VPN policies until an upgrade is possible.
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco adaptive security appliance
- version/cisco adaptive security appliance/8.2
- version/cisco adaptive security appliance/8.2.0.45
- version/cisco adaptive security appliance/8.2.1
- version/cisco adaptive security appliance/8.2.1.1
- version/cisco adaptive security appliance/8.2.2
- version/cisco adaptive security appliance/8.2.2.10
- version/cisco adaptive security appliance/8.2.2.12
- version/cisco adaptive security appliance/8.2.2.16
- canonical/cisco adaptive security appliance software
- version/cisco adaptive security appliance software/8.2.2.17
- version/cisco adaptive security appliance software/8.2.3
- version/cisco adaptive security appliance software/8.2.4
- version/cisco adaptive security appliance software/8.2.4.1
- version/cisco adaptive security appliance software/8.2.4.4
- version/cisco adaptive security appliance software/8.2.5
- version/cisco adaptive security appliance software/8.2.5.13
- version/cisco adaptive security appliance software/8.2.5.22
- version/cisco adaptive security appliance software/8.2.5.26
- version/cisco adaptive security appliance software/8.2.5.33
- version/cisco adaptive security appliance software/8.2.5.40
- version/cisco adaptive security appliance software/8.2.5.41
- version/cisco adaptive security appliance software/8.2.5.46
- version/cisco adaptive security appliance software/8.2.5.48
- version/cisco adaptive security appliance software/8.2.5.50
- version/cisco adaptive security appliance software/8.3
- version/cisco adaptive security appliance software/8.3.1
- version/cisco adaptive security appliance software/8.3.1.1
- version/cisco adaptive security appliance software/8.3.1.4
- version/cisco adaptive security appliance software/8.3.1.6
- version/cisco adaptive security appliance software/8.3.2
- version/cisco adaptive security appliance software/8.3.2.4
- version/cisco adaptive security appliance software/8.3.2.13
- version/cisco adaptive security appliance software/8.3.2.23
- version/cisco adaptive security appliance software/8.3.2.25
- version/cisco adaptive security appliance software/8.3.2.31
- version/cisco adaptive security appliance software/8.3.2.33
- version/cisco adaptive security appliance software/8.3.2.34
- version/cisco adaptive security appliance software/8.3.2.37
- version/cisco adaptive security appliance software/8.3.2.39
- version/cisco adaptive security appliance software/8.3.2.40
- version/cisco adaptive security appliance software/8.3.2.41
- version/cisco adaptive security appliance software/8.4
- version/cisco adaptive security appliance software/8.4.1
- version/cisco adaptive security appliance software/8.4.1.3
- version/cisco adaptive security appliance software/8.4.1.11
- version/cisco adaptive security appliance software/8.4.2
- version/cisco adaptive security appliance software/8.4.2.1
- version/cisco adaptive security appliance software/8.4.2.8
- version/cisco adaptive security appliance software/8.4.3
- version/cisco adaptive security appliance software/8.4.3.8
- version/cisco adaptive security appliance software/8.4.3.9
- version/cisco adaptive security appliance software/8.4.4
- version/cisco adaptive security appliance software/8.4.4.1
- version/cisco adaptive security appliance software/8.4.4.3
- version/cisco adaptive security appliance software/8.4.4.5
- version/cisco adaptive security appliance software/8.4.4.9
- version/cisco adaptive security appliance software/8.4.5
- version/cisco adaptive security appliance software/8.4.5.6
- version/cisco adaptive security appliance software/8.4.6
- version/cisco adaptive security appliance software/8.4.7
- version/cisco adaptive security appliance software/8.4.7.3
- version/cisco adaptive security appliance software/8.4.7.15
- version/cisco adaptive security appliance software/8.4.7.22
- version/cisco adaptive security appliance software/8.6
- version/cisco adaptive security appliance software/8.6.1
- version/cisco adaptive security appliance software/8.6.1.1
- version/cisco adaptive security appliance software/8.6.1.2
- version/cisco adaptive security appliance software/8.6.1.5
- version/cisco adaptive security appliance software/8.6.1.10
- version/cisco adaptive security appliance software/8.6.1.12
- version/cisco adaptive security appliance software/8.6.1.13
- version/cisco adaptive security appliance software/8.6.1.14
- version/cisco adaptive security appliance software/9.0
- version/cisco adaptive security appliance software/9.0.1
- version/cisco adaptive security appliance software/9.0.2
- version/cisco adaptive security appliance software/9.0.2.10
- version/cisco adaptive security appliance software/9.0.3
- version/cisco adaptive security appliance software/9.0.3.6
- version/cisco adaptive security appliance software/9.0.3.8
- version/cisco adaptive security appliance software/9.0.4
- version/cisco adaptive security appliance software/9.0.4.1
- version/cisco adaptive security appliance software/9.0.4.5
- version/cisco adaptive security appliance software/9.0.4.7
- version/cisco adaptive security appliance software/9.0.4.17
- version/cisco adaptive security appliance software/9.0.4.20
- version/cisco adaptive security appliance software/9.0.4.24
- version/cisco adaptive security appliance software/9.1
- version/cisco adaptive security appliance software/9.1.1
- version/cisco adaptive security appliance software/9.1.1.4
- version/cisco adaptive security appliance software/9.1.2
- version/cisco adaptive security appliance software/9.1.2.8
- version/cisco adaptive security appliance software/9.1.3
- version/cisco adaptive security appliance software/9.1.3.2
- version/cisco adaptive security appliance software/9.1.4
- version/cisco adaptive security appliance software/9.1.5
- version/cisco adaptive security appliance software/9.1.5.10
- version/cisco adaptive security appliance software/9.1.5.12
- version/cisco adaptive security appliance software/9.1.5.15
- version/cisco adaptive security appliance software/9.2.0
- version/cisco adaptive security appliance software/9.2.1
- version/cisco adaptive security appliance software/9.2.2
- version/cisco adaptive security appliance software/9.2.2.4
- version/cisco adaptive security appliance software/9.2.3
- version/cisco adaptive security appliance software/8.2
- version/cisco adaptive security appliance software/8.2.0.45
- version/cisco adaptive security appliance software/8.2.1
- version/cisco adaptive security appliance software/8.2.1.1
- version/cisco adaptive security appliance software/8.2.2
- version/cisco adaptive security appliance software/8.2.2.10
- version/cisco adaptive security appliance software/8.2.2.12
- version/cisco adaptive security appliance software/8.2.2.16