Skip to main content

Adaptive Security Appliance Software CVE-2014-3398

MEDIUM
Information Exposure (CWE-200)
2014-10-05 psirt@cisco.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 05, 2014 - 01:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.

AnalysisAI

The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542. Affected products include: Cisco Adaptive Security Appliance Software.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-1287 CRITICAL POC
9.8 Feb 11

Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0

CVE-2025-20362 MEDIUM POC
6.5 Sep 25

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Softwar

CVE-2014-2127 HIGH POC
8.5 Apr 10

Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 be

CVE-2017-3807 HIGH POC
8.8 Feb 09

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software,

CVE-2018-0101 CRITICAL POC
10.0 Jan 29

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Softw

CVE-2020-3187 CRITICAL POC
9.1 May 06

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Th

CVE-2022-20759 HIGH POC
8.8 May 03

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA)

CVE-2018-15465 HIGH POC
8.1 Dec 24

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authen

CVE-2020-3452 HIGH POC
7.5 Jul 22

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Th

CVE-2018-0296 HIGH POC
7.5 Jun 07

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo

CVE-2015-6360 HIGH
7.5 Apr 21

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via

CVE-2012-4661 CRITICAL
9.0 Oct 29

Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devi

Share

CVE-2014-3398 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy