VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 10, 2014· Updated May 6, 2026

CVE-2014-3390

CVE-2014-3390

Description

Local admin users can execute a crafted script to gain Linux root access on Cisco ASA via VNMC policy implementation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local admin users can execute a crafted script to gain Linux root access on Cisco ASA via VNMC policy implementation.

Vulnerability

The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software contains a vulnerability that allows local users with administrative privileges to execute a crafted script and obtain Linux root access. Affected versions include 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) [1].

Exploitation

An attacker must have administrative privileges on the Cisco ASA device. With these privileges, the attacker can execute a crafted script to trigger the vulnerability. No additional network position or user interaction is required beyond local administrative access.

Impact

Successful exploitation grants the attacker Linux root access on the affected Cisco ASA device. This results in full compromise of the system, including the ability to read, modify, or delete any data, install malware, and disrupt operations.

Mitigation

Cisco has released fixed software versions: 8.7(1.14), 9.2(2.8), and 9.3(1.1). Users should upgrade to these or later versions as recommended in the Cisco Security Advisory [1]. No workarounds are available.

References
  1. Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

13
  • Cisco Systems, Inc./Cisco Adaptive Security Appliance12 versions
    cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:cisco:adaptive_security_appliance_software:8.7.8:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*
  • Cisco Systems, Inc./ASA Softwarellm-fuzzy
    Range: 8.7 < 8.7(1.14), 9.2 < 9.2(2.8), 9.3 < 9.3(1.1)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.