Clientless SSL VPN Portal Customization Framework Authentication Bypass Vulnerability

Clientless SSL VPN Portal Customization Framework Authentication Bypass Vulnerability

CVE-2014-3393 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.

Learn more about our Cis Benchmark Audit For Cisco.