CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2195

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 65.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195
http://www.securitytracker.com/id/1030258
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2195
http://www.securitytracker.com/id/1030258

Products affected by CVE-2014-2195

Cisco » Content Security Management Appliance » Version: N/A

cpe:2.3:h:cisco:content_security_management_appliance:-
Cisco » Asyncos » Version: N/A

cpe:2.3:o:cisco:asyncos:-
Cisco » Email Security Appliance Firmware » Version: N/A

cpe:2.3:o:cisco:email_security_appliance_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2195

Products

Pricing

Contact Us