CVE-2014-8023

Name of the Vulnerable Software and Affected Versions Cisco Adaptive Security Appliance (ASA) Software versions 9.2(.3) and earlier

Description The issue allows remote authenticated users to bypass intended resource-access restrictions. This is due to the improper selection of tunnel groups when challenge-response authentication is used. An authenticated, remote attacker could access resources of a VPN tunnel group.

Recommendations For versions 9.2(.3) and earlier, consider restricting access to the tunnel-group parameter to minimize the risk of exploitation until a fix is available. As a temporary workaround, review and adjust the configuration of tunnel groups to ensure proper access restrictions are in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.