CVE-2014-2151

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 18-06-2014 06:55

Last modified: - 02-06-2022 05:45

Total changes: - 2

Description

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.0

Base score

8.0

2.9

Exploitability score

Impact score

Verification logic

vendor=cisco AND product=adaptive_security_appliance_software AND versionEndIncluding=8.4\(7.15\)

Reference

20140616 Cisco ASA WebVPN Information Disclosure Vulnerability-Broken Link, Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34627
68063-Third Party Advisory, VDB Entry
1030445-Broken Link, Third Party Advisory, VDB Entry

Keywords

CVE-2014-2151

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-2151

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures