CVE-2014-3385 - Race Condition vulnerability in Cisco ASA

CVSS 7.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE

Tags: network, low complexity, cisco, CWE-362, nessus

Summary

Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20141008-ASA.NASL
description: The remote Cisco ASA device is affected by one or more of the following vulnerabilities:
  • A flaw exists in the SQL*NET Inspection Engine due to improper handling of SQL REDIRECT packets. An attacker can exploit this vulnerability by sending a crafted sequence of REDIRECT packets through the affected system. This can cause the device to reload. (CVE-2014-3382)
  • A flaw exists in the IKE code that can allow an unauthenticated, remote attacker to cause the device to reload. This issue is due to the improper validation of UDP packets. (CVE-2014-3383)
  • A flaw exists in the IKEv2 code that can allow an unauthenticated, remote attacker to cause the device to reload. This issue is caused by the improper handling of crafted IKEv2 packets. (CVE-2014-3384)
  • A flaw exists in the Health and Performance Monitoring for ASDM functionality that allows an unauthenticated, remote attacker to cause the reload of the device. This issue is caused by a race condition in the operation of the HPM functionality. An attacker may be able to exploit this by sending a large number of simultaneous half-open connections to the device. (CVE-2014-3385)
  • A flaw exists in the GPRS Tunneling Protocol Inspection Engine that can allow an unauthenticated, remote attacker to cause a reload of the device. This issue is caused by improper handling of GTP packets when sent in a specific sequence. (CVE-2014-3386)
  • A flaw exists in the SunRPC Inspection Engine that can allow an unauthenticated, remote attacker to cause a reload of the device. This issue is caused by improper validation of specially crafted SunRPC packets. (CVE-2014-3387)
  • A flaw exists in the DNS Inspection Engine that can allow an unauthenticated, remote attacker to cause a reload of the affected system. This issue is caused by the improper validation of crafted DNS packets. (CVE-2014-3388)
  • A flaw exists in the VPN failover component that can allow an authenticated, remote attacker to send configuration commands to the standby units. This is caused by an improper implementation of the internal filter for packets coming from an established VPN tunnel. (CVE-2014-3389)
  • A flaw exists in the VNMC component that allows an authenticated, local attacker to access the underlying operating system as the root user. This issue is caused by the improper sanitization of user-supplied input. (CVE-2014-3390)
  • A flaw exists in the function that exports environment variables that allows an authenticated, local attacker to inject arbitrary commands. (CVE-2014-3391)
  • A flaw exists in the Clientless SSL VPN Portal feature that allows an unauthenticated, remote attacker to access arbitrary memory. This issue is caused by the improper sanitization of user-supplied input. (CVE-2014-3392)
  • A flaw exists in the Clientless SSL VPN Portal customization framework that allows an unauthenticated, remote attacker to modify the content of the portal interface. This can lead to the compromise of user credentials, cross-site scripting attacks, and other types of web attacks on the client using the system. This is caused by the improper implementation of authentication checks. (CVE-2014-3393)
  • A flaw exists in the Smart Call Home feature that allows an unauthenticated, remote attacker to bypass digital certificate validation if any feature that uses digital certificates is configured on the affected system. (CVE-2014-3394)
last seen: 2019-10-28
modified: 2014-10-10
plugin id: 78240
published: 2014-10-10
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/78240
title: Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20141008-asa)