ID de Prueba:	1.3.6.1.4.1.25623.1.0.105984
Categoría:	CISCO
Título:	Cisco ASA Local Path Inclusion Vulnerability (cisco-sa-20141008-asa)
Resumen:	A vulnerability in the function that exports environment; variables of Cisco ASA Software could allow an authenticated, local attacker to inject a; malicious library and take complete control of the system.
Descripción:	Summary: A vulnerability in the function that exports environment variables of Cisco ASA Software could allow an authenticated, local attacker to inject a malicious library and take complete control of the system. Vulnerability Insight: The vulnerability is due to improper setting of the LD_LIBRARY_PATH environment. An attacker could exploit this vulnerability by copying a malicious library onto the affected system's external memory and triggering a reload of the system. An exploit could allow the attacker to force the affected system to load a malicious library and access the underlying Linux OS, which could lead to a full compromise of the system. Vulnerability Impact: A successful exploit could allow an authenticated, local attacker to load a malicious library on the system and access the underlying Linux operating system, which could allow the attacker to completely compromise the system. Affected Software/OS: Cisco ASA version 8.2, 8.3, 8.4 and 8.7. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3391 Cisco Security Advisory: 20141008 Multiple Vulnerabilities in Cisco ASA Software http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.