CVE-2014-3390 - OpenCVE

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Adaptive Security Appliance Software

Configuration 1 [-]

OR	cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:::::::*
	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-10-10T10:00:00

Updated: 2024-08-06T10:43:05.877Z

Reserved: 2014-05-07T00:00:00

Link: CVE-2014-3390

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-10-10T10:55:06.507

Modified: 2023-08-15T14:52:02.310

Link: CVE-2014-3390

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-10-10T05:57:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-3390", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:05.877Z"}, "title": "CVE Program Container", "references": [{"name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-3390", "datePublished": "2014-10-10T10:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2024-08-06T10:43:05.877Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "7E628AA9-1F66-42EC-97EE-9EB3E8E5F082", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "04C8C6E9-D5C3-42DC-B431-9097B2FCCB52", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C80EAFF-E577-414A-9DDE-D27A41CB3DC9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "26CC07CC-0C79-48ED-BEB6-4B576A0DBD68", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "1576FC7F-B7DD-41DD-A95E-23B1F86E4B02", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3768E4B0-E457-47AB-99B0-7C1A0E0CBE35", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9C31567-8AEB-49C6-AA60-4150411D62AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA140CB2-C17C-4164-A59A-8585906057BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "468D98A7-92D5-4C01-9EDD-CB44B85EA6BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "26D99395-D18D-458E-9880-19B7767F69D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574."}, {"lang": "es", "value": "La implementaci\u00f3n de pol\u00edtica Virtual Network Management Center (VNMC) en Cisco ASA Software 8.7 anterior a 8.7(1.14), 9.2 anterior a 9.2(2.8), y 9.3 anterior a 9.3(1.1) permite a usuarios locales obtener acceso al root de Linux mediante el aprovechamiento de privilegios administrativos y la ejecuci\u00f3n de una secuencia de comandos manipulada, tambi\u00e9n conocido como Bug IDs CSCuq41510 y CSCuq47574."}], "id": "CVE-2014-3390", "lastModified": "2023-08-15T14:52:02.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-10T10:55:06.507", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}