Vulnerability Description
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Asyncos | - |
| Cisco | Content Security Management Appliance | - |
| Cisco | Email Security Appliance Firmware | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195Vendor Advisory
- http://www.securitytracker.com/id/1030258Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195Vendor Advisory
- http://www.securitytracker.com/id/1030258Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-2195?
CVE-2014-2195 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote att...
How severe is CVE-2014-2195?
CVE-2014-2195 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2195?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Asyncos, Cisco Content Security Management Appliance, Cisco Email Security Appliance Firmware.