CVE-2014-2195

Currently unrated

Key Information:

Vendor: Cisco
Status: Asyncos; Content Security Management Appliance; Email Security Appliance Firmware
Vendor: CVE Published:; 20 May 2014

Summary

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1030258

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 20, 2014
Vulnerability Reserved
Feb 25, 2014