PT-2014-3802 · Cisco · Cisco Asa

Published: 2014-02-21 · Updated: 2023-08-11 · CVE-2014-0738

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software versions 9.1(.3) and earlier

Description

The issue allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file. This could enable an unauthenticated, remote attacker to modify the trust of the Certificate Trust List (CTL) of a remote IP phone.

Recommendations

For versions 9.1(.3) and earlier, consider restricting access to the Phone Proxy component until a patch is available. As a temporary workaround, consider disabling the Phone Proxy function to minimize the risk of exploitation. Avoid using the Phone Proxy component in the Cisco Adaptive Security Appliance (ASA) Software until the issue is resolved.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2014-0738

Affected Products

Cisco Asa