CVE-2014-3391
Description
Cisco ASA Software has an untrusted search path vulnerability allowing local privilege escalation via a trojan library in external memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An untrusted search path vulnerability exists in Cisco ASA Software versions 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) due to an incorrect LD_LIBRARY_PATH value that prioritizes external memory locations over system directories. When a local user places a Trojan horse library file in external memory (e.g., a USB drive), the device loads that library upon the next reload, executing arbitrary code with elevated privileges. No special configuration is required; the default LD_LIBRARY_PATH setting makes the code path reachable. The vulnerability is tracked as Bug ID CSCtq52661 [1].
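The search-order flaw described above can be checked for on any Linux-style loader path. The following is an added example, not Cisco's code or part of the advisory: it flags `LD_LIBRARY_PATH` entries on untrusted storage and lists system libraries they would shadow. The mount points, library names and directory listing are constructed assumptions, not ASA internals.

```python
import posixpath

# Constructed sample values (assumptions, not taken from the advisory).
SYSTEM_DIRS = ("/lib", "/usr/lib")              # trusted, root-owned directories
UNTRUSTED_PREFIXES = ("/mnt/disk1", "/media")   # hypothetical external-memory mounts
SAMPLE_LISTING = {                              # directory -> file names it contains
    "/mnt/disk1/lib": {"libexample.so.1", "notes.txt"},
    "/lib": {"libexample.so.1", "libother.so.2"},
    "/usr/lib": {"libthird.so.1"},
}
FLAWED = "/mnt/disk1/lib:/lib:/usr/lib"         # external memory searched first
FIXED = "/lib:/usr/lib"


def split_search_path(value):
    """Split an LD_LIBRARY_PATH value; an empty element means the current directory."""
    if not value:
        return []
    return [posixpath.normpath(e) if e else "." for e in value.split(":")]


def is_untrusted(entry):
    """Relative entries depend on the cwd; absolute ones are matched against mounts."""
    if not posixpath.isabs(entry):
        return True
    return any(entry == p or entry.startswith(p + "/") for p in UNTRUSTED_PREFIXES)


def risky_entries(value):
    """LD_LIBRARY_PATH is searched before the default directories, so any
    untrusted entry in it takes priority over the system libraries."""
    return [e for e in split_search_path(value) if is_untrusted(e)]


def shadowed_libraries(value, listing):
    """Return (library, directory) pairs where a system library name would be
    resolved from an untrusted directory under first-match-wins lookup."""
    order = split_search_path(value) + list(SYSTEM_DIRS)
    system_names = set().union(*(listing.get(d, set()) for d in SYSTEM_DIRS))
    findings = []
    for name in sorted(system_names):
        hit = next((d for d in order if name in listing.get(d, ())), None)
        if hit is not None and is_untrusted(hit):
            findings.append((name, hit))
    return findings


if __name__ == "__main__":
    print(risky_entries(FLAWED), shadowed_libraries(FLAWED, SAMPLE_LISTING))
```

On a real host the listing would come from reading each directory, and the untrusted prefixes from the mount table.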
Exploitation
An attacker needs local access (physical, or remote with file-write access) to place a malicious shared library file in external memory accessible to the Cisco ASA device. After the device is reloaded, the system loads the attacker-controlled library instead of the legitimate system library because of the flawed library search order. The attacker must also be able to trigger a device reload or wait for one. No user interaction or additional privilege is required once the library is placed [1].
Impact
Successful exploitation allows a local attacker to execute arbitrary code with the privileges of the system (typically root). This results in a complete compromise of the affected Cisco ASA device, including unauthorized access to sensitive data, modification of device configuration, and denial of service. The attacker gains full control over the affected system [1].
Mitigation
Cisco released fixed versions to address this vulnerability: Cisco ASA Software releases 8.4(3) and 8.7(1.13). Users should upgrade to these versions or later. For the 8.5 series, which is also affected, upgrade to a fixed version (e.g., 8.4(3) or later stable release). No workaround is available. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities catalog as of the advisory date. Users should consult the Cisco Security Advisory [1] for further guidance.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13)