PT-2014-1326 · Cisco · Cisco ASA

Published 2014-04-09 · Updated 2023-08-15 · CVE-2014-2128

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software versions 8.2 before 8.2(5.47)
Cisco Adaptive Security Appliance (ASA) Software versions 8.3 before 8.3(2.40)
Cisco Adaptive Security Appliance (ASA) Software versions 8.4 before 8.4(7.3)
Cisco Adaptive Security Appliance (ASA) Software versions 8.6 before 8.6(1.13)
Cisco Adaptive Security Appliance (ASA) Software versions 9.0 before 9.0(3.8)
Cisco Adaptive Security Appliance (ASA) Software versions 9.1 before 9.1(3.2)

Description

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software has an issue that allows remote attackers to bypass authentication. This can be achieved by using specially crafted values, such as cookie values within modified HTTP POST data or specially crafted URLs.

Recommendations

For version 8.2, update to 8.2(5.47) or later.
For version 8.3, update to 8.3(2.40) or later.
For version 8.4, update to 8.4(7.3) or later.
For version 8.6, update to 8.6(1.13) or later.
For version 9.0, update to 9.0(3.8) or later.
For version 9.1, update to 9.1(3.2) or later.
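
The version thresholds above can be checked against an inventory with a short script. This is an added example, not part of the advisory: the function names and the sample inventory are hypothetical, and accepting the `8.4(7)3` spelling of an interim build alongside `8.4(7.3)` is an assumption about how versions may be recorded.

```python
import re

# First fixed release per train, copied from the Recommendations above.
FIXED_RELEASES = {
    "8.2": "8.2(5.47)",
    "8.3": "8.3(2.40)",
    "8.4": "8.4(7.3)",
    "8.6": "8.6(1.13)",
    "9.0": "9.0(3.8)",
    "9.1": "9.1(3.2)",
}

# Accepts "8.4(7)", "8.4(7.3)" and, as an assumption, "8.4(7)3".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)(?:\.(\d+))?\)(\d+)?$")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim) as integers."""
    match = _VERSION_RE.match(text.strip())
    if not match or (match.group(4) and match.group(5)):
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    major, minor, maint, inner, trailing = match.groups()
    return (int(major), int(minor), int(maint), int(inner or trailing or 0))


def assess(version):
    """Return (status, first_fixed_release) for one version string."""
    parsed = parse_asa_version(version)
    fixed = FIXED_RELEASES.get(f"{parsed[0]}.{parsed[1]}")
    if fixed is None:
        # The advisory gives no data for this train; do not guess.
        return ("not-listed", None)
    # Tuples compare field by field, so 8.2(5.5) sorts before 8.2(5.47).
    if parsed < parse_asa_version(fixed):
        return ("vulnerable", fixed)
    return ("fixed", fixed)


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    inventory = {"fw-edge-1": "8.2(5.5)", "fw-edge-2": "8.4(7.3)",
                 "fw-dc-1": "9.1(3)", "fw-lab-1": "9.2(1)"}
    for host, version in inventory.items():
        status, fixed = assess(version)
        print(f"{host:10} {version:10} {status:11} first fixed: {fixed}")
```

Comparing the fields as integers matters: a string or decimal comparison would rank 8.2(5.5) above 8.2(5.47) and report a vulnerable build as fixed.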

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2015-00182
CVE-2014-2128

Affected Products

Cisco ASA