CVE-2014-3390
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
10/10/2014
Last modified:
12/04/2025
Description
The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page