CVE-2014-2151 — MEDIUM (4.0)

Q: How severe is CVE-2014-2151?

CVE-2014-2151 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2151?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software.

Vulnerability Description

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Adaptive Security Appliance Software	<= 8.4\(7.15\)

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151Broken LinkVendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34627Vendor Advisory
http://www.securityfocus.com/bid/68063Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030445Broken LinkThird Party AdvisoryVDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2151Broken LinkVendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=34627Vendor Advisory
http://www.securityfocus.com/bid/68063Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030445Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2014-2151?

CVE-2014-2151 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID...

How severe is CVE-2014-2151?

CVE-2014-2151 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2151?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software.