PT-2014-5283 · Cisco · Cisco ASA

Published 2014-10-08 · Updated 2023-08-15 · CVE-2014-3393

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Cisco ASA Software versions 8.2 through 8.2(5.50)
Cisco ASA Software versions 8.3 through 8.3(2.41)
Cisco ASA Software versions 8.4 through 8.4(7.22)
Cisco ASA Software versions 8.6 through 8.6(1.13)
Cisco ASA Software versions 9.0 through 9.0(4.23)
Cisco ASA Software versions 9.1 through 9.1(5.11)
Cisco ASA Software versions 9.2 through 9.2(2.3)

Description

The issue is related to the Clientless SSL VPN portal customization framework, which does not properly implement authentication. This allows remote attackers to modify RAMFS customization objects, potentially leading to the insertion of XSS sequences or the capture of credentials.

Recommendations

For Cisco ASA Software version 8.2, update to version 8.2(5.51) or later.
For Cisco ASA Software version 8.3, update to version 8.3(2.42) or later.
For Cisco ASA Software version 8.4, update to version 8.4(7.23) or later.
For Cisco ASA Software version 8.6, update to version 8.6(1.14) or later.
For Cisco ASA Software version 9.0, update to version 9.0(4.24) or later.
For Cisco ASA Software version 9.1, update to version 9.1(5.12) or later.
For Cisco ASA Software version 9.2, update to version 9.2(2.4) or later.
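A version check built from the fixed releases listed in the recommendations, as an added example that is not part of the original advisory or of any Cisco tooling. The function names, the sample inventory and the acceptance of the `9.1(5)12` notation for interim builds are assumptions made for illustration.

```python
import re

# First fixed release per train, copied from the Recommendations in this advisory.
FIXED = {
    "8.2": "8.2(5.51)", "8.3": "8.3(2.42)", "8.4": "8.4(7.23)",
    "8.6": "8.6(1.14)", "9.0": "9.0(4.24)", "9.1": "9.1(5.12)",
    "9.2": "9.2(2.4)",
}

# Accepts 8.4, 8.4(7), 8.4(7.22) and, as an assumption, the 8.4(7)22 notation.
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\((\d+)(?:\.(\d+))?\)(\d+)?)?$")


def parse_asa_version(text):
    """Return (major, minor, maintenance, interim) as integers."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ASA version: {text!r}")
    major, minor, maint, interim_in, interim_out = m.groups()
    if interim_in and interim_out:
        raise ValueError(f"two interim numbers in: {text!r}")
    interim = interim_in or interim_out or 0
    return int(major), int(minor), int(maint or 0), int(interim)


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    parsed = parse_asa_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    if train not in FIXED:
        return "not-listed"  # train is outside the ranges this advisory covers
    # Tuples compare numerically, so interim 3 sorts below 23 and 10 above 4.
    return "affected" if parsed < parse_asa_version(FIXED[train]) else "fixed"


def affected_hosts(inventory):
    """Return the sorted host names whose version needs the update."""
    return sorted(h for h, v in inventory.items() if status(v) == "affected")


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {"fw-a": "8.4(7.3)", "fw-b": "9.2(2.10)", "fw-c": "9.1(5)11"}
    for host, version in sample.items():
        print(host, version, status(version))
```
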

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2014-3393

Affected Products: Cisco ASA