CVE-2014-3399

medium

Cisco

CVSS v3 Base Score

5.5

AV:N/AC:L/Au:S/C:N/I:P/A:P

EPSS Score

0.1%

Exploitation probability in 30 days

Top 70% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

Published: October 7, 2014 (4237 days ago)

Last Modified: May 6, 2026

Vendor: Cisco

Source: NVD

Description

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208.

CWE

CWE-94

Affected Products

cisco adaptive security appliance software

References

🔗 tools.cisco.com 🔗 tools.cisco.com 🔗 tools.cisco.com 🔗 tools.cisco.com

CVE-2014-3399

Vulnerability Report

Description

CWE

Affected Products

References