VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 10, 2014· Updated May 6, 2026

CVE-2014-2127

CVE-2014-2127

Description

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.

Affected products

8
  • Cisco Systems, Inc./Cisco Adaptive Security Appliance8 versions
    cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3\(1\):*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.