CVE-2014-3390

{"id": "CVE-2014-3390", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-10T10:55:06.507", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574."}, {"lang": "es", "value": "La implementaci\u00f3n de pol\u00edtica Virtual Network Management Center (VNMC) en Cisco ASA Software 8.7 anterior a 8.7(1.14), 9.2 anterior a 9.2(2.8), y 9.3 anterior a 9.3(1.1) permite a usuarios locales obtener acceso al root de Linux mediante el aprovechamiento de privilegios administrativos y la ejecuci\u00f3n de una secuencia de comandos manipulada, tambi\u00e9n conocido como Bug IDs CSCuq41510 y CSCuq47574."}], "lastModified": "2023-08-15T14:52:02.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E628AA9-1F66-42EC-97EE-9EB3E8E5F082"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04C8C6E9-D5C3-42DC-B431-9097B2FCCB52"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C80EAFF-E577-414A-9DDE-D27A41CB3DC9"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26CC07CC-0C79-48ED-BEB6-4B576A0DBD68"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1576FC7F-B7DD-41DD-A95E-23B1F86E4B02"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3768E4B0-E457-47AB-99B0-7C1A0E0CBE35"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C31567-8AEB-49C6-AA60-4150411D62AA"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA140CB2-C17C-4164-A59A-8585906057BA"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "468D98A7-92D5-4C01-9EDD-CB44B85EA6BB"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26D99395-D18D-458E-9880-19B7767F69D0"}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}