CVE-2014-2195

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices (affected versions not specified)

Description The issue is related to the handling of group names when Active Directory is enabled. It allows remote attackers to gain role privileges by exploiting similarities in group names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.