CVE-2014-3391

Name of the Vulnerable Software and Affected Versions Cisco ASA Software versions 8.x before 8.4(3) Cisco ASA Software version 8.5 Cisco ASA Software versions 8.7 before 8.7(1.13)

Description The issue allows local users to gain privileges by placing a Trojan horse library file in external memory. This is due to an incorrect LD LIBRARY PATH value, leading to library use after device reload.

Recommendations For Cisco ASA Software versions 8.x before 8.4(3), update to version 8.4(3) or later. For Cisco ASA Software version 8.5, update to a version after 8.5. For Cisco ASA Software versions 8.7 before 8.7(1.13), update to version 8.7(1.13) or later.