Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3394

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.

Published

2014-10-10T10:55:06.680

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	adaptive_security_virtual_appliance	-	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.0.45	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.1.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.2	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.2.10	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.2.12	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.2.16	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.2.17	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.3	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.4	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.4.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.4.4	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.13	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.22	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.26	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.33	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.40	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.41	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.46	Yes
Operating System	cisco	adaptive_security_appliance_software	8.2.5.48	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.1.3	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.1.11	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.2	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.2.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.2.8	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.3	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.3.8	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.3.9	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.4	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.4.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.4.3	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.4.5	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.4.9	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.5	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.5.6	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.6	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.7	Yes
Operating System	cisco	adaptive_security_appliance_software	8.4.7.3	Yes
Operating System	cisco	adaptive_security_appliance_software	8.6.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.6.1.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.6.1.2	Yes
Operating System	cisco	adaptive_security_appliance_software	8.6.1.5	Yes
Operating System	cisco	adaptive_security_appliance_software	8.6.1.10	Yes
Operating System	cisco	adaptive_security_appliance_software	8.6.1.12	Yes
Operating System	cisco	adaptive_security_appliance_software	8.6.1.13	Yes
Operating System	cisco	adaptive_security_appliance_software	8.7.1	Yes
Operating System	cisco	adaptive_security_appliance_software	8.7.1.3	Yes
Operating System	cisco	adaptive_security_appliance_software	8.7.1.4	Yes
Operating System	cisco	adaptive_security_appliance_software	8.7.1.7	Yes
Operating System	cisco	adaptive_security_appliance_software	8.7.1.11	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.2.10	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.3.6	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.3.8	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.4.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.4.5	Yes
Operating System	cisco	adaptive_security_appliance_software	9.0.4.7	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.1	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.1.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.2.8	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.3	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.3.2	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.4	Yes
Operating System	cisco	adaptive_security_appliance_software	9.1.5	Yes
Hardware	cisco	asa_1000v_cloud_firewall	-	No
Hardware	cisco	asa_5505	-	No
Hardware	cisco	asa_5512-x	-	No
Hardware	cisco	asa_5515-x	-	No
Hardware	cisco	asa_5525-x	-	No
Hardware	cisco	asa_5545-x	-	No
Hardware	cisco	asa_5555-x	-	No
Hardware	cisco	asa_5580	-	No
Hardware	cisco	asa_5585-x	-	No

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa Vendor Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)