CVE-2014-3399

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions 9.2(.2.4) and earlier

Description The issue is related to the SSL VPN implementation, which does not properly manage session information during the creation of a SharePoint handler. This allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs via crafted HTTP requests. As a result, it can cause a denial of service, leading to a portal outage or system reload.

Recommendations For Cisco Adaptive Security Appliance (ASA) Software versions 9.2(.2.4) and earlier, consider restricting access to the SSL VPN until a patch is available. As a temporary workaround, limit the ability to inject Lua scripts or overwrite RAMFS cache files to minimize the risk of exploitation.