Cisco ASA Software SharePoint RAMFS Integrity and Lua Injection Vulnerabilities (CSCup54208 and CSCup54184)

Medium Nessus Plugin ID 79667

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its banner, the version of the Cisco ASA software on the remote device is affected by a vulnerability in its SSL VPN code: session information for the SSL VPN is improperly validated when a SharePoint handler is created. A remote, authenticated attacker can use crafted HTTP requests to overwrite arbitrary files present on the RAMFS file system, inject Lua scripts, or cause a denial-of-service condition.

Solution

Apply the relevant patch referenced in the vendor advisory.

See Also

http://www.nessus.org/u?eadb7d7e

https://tools.cisco.com/security/center/viewAlert.x?alertId=35989

Plugin Details

Severity: Medium

ID: 79667

File Name: cisco-sn-CVE-2014-3399-asa.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 2014/12/02

Updated: 2018/11/15

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:adaptive_security_appliance_software

Required KB Items: Host/Cisco/ASA

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/10/06

Vulnerability Publication Date: 2014/10/06

Reference Information

CVE: CVE-2014-3399

BID: 70251

CISCO-BUG-ID: CSCup54208, CSCup54184