Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3390

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.

Published

2014-10-10T10:55:06.507

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.1

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco adaptive_security_appliance_software 8.7.8 Yes
Operating System cisco adaptive_security_appliance_software 8.7.1 Yes
Operating System cisco adaptive_security_appliance_software 8.7.1.3 Yes
Operating System cisco adaptive_security_appliance_software 8.7.1.4 Yes
Operating System cisco adaptive_security_appliance_software 8.7.1.7 Yes
Operating System cisco adaptive_security_appliance_software 8.7.1.11 Yes
Operating System cisco adaptive_security_appliance_software 8.7.1.13 Yes
Operating System cisco adaptive_security_appliance_software 9.2.1 Yes
Operating System cisco adaptive_security_appliance_software 9.2.2 Yes
Operating System cisco adaptive_security_appliance_software 9.2.2.4 Yes
Operating System cisco adaptive_security_appliance_software 9.3.1 Yes
Operating System cisco adaptive_security_appliance_software 9.3.1.1 Yes
References