This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
The remote Cisco ASA device is affected by one or more of the
following vulnerabilities :
- An issue exists in the Adaptive Security Device Manager
(ASDM) due to improper privilege assignment to users
with a privilege level of zero. This issue allows an
authenticated, remote attacker to gain administrative
- An issue exists in the SSL VPN portal when the
Clientless SSL VPN feature is used due to improper
handling of management session information. An
authenticated, remote attacker can exploit this to gain
administrative privileges. (CVE-2014-2127)
- An issue exists in the SSL VPN feature due to improper
handling of authentication cookies. An unauthenticated,
remote attacker can exploit this to bypass
authentication, resulting in unauthorized access to
internal network resources. (CVE-2014-2128)
- An issue exists in the SIP inspection engine due to
improper handling of SIP packets. An unauthenticated,
remote attacker can exploit this to cause memory
exhaustion, resulting in a denial of service.
Note that the verification check for the presence of
CVE-2014-2128 is a best effort approach and may result in potential
See also :
Apply the relevant patch or workaround referenced in Cisco Security
Risk factor :
High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : true
Nessus Plugin ID: 73533
Bugtraq ID: 66745, 66746, 66747, 66748
CVE ID: CVE-2014-2126, CVE-2014-2127, CVE-2014-2128, CVE-2014-2129