Home

CVE-2014-3391

Description

Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.

Risk Information

Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.095

Associated Vulnerability

VulnerabilityOS Platform
Cisco ASA Local Path Inclusion Vulnerability For Cisco Adaptive Security Appliance (ASA) SoftwareNCM
Improper Input Validation Vulnerability (CVE-2014-3391)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706057Security Update for Cisco Adaptive Security Appliance (ASA) Software 99.17(1.69)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234