CVE-2014-3393 Information

Description

The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51) 8.3 before 8.3(2.42) 8.4 before 8.4(7.23) 8.6 before 8.6(1.14) 9.0 before 9.0(4.24) 9.1 before 9.1(5.12) and 9.2 before 9.2(2.4) does not properly implement authentication which allows remote attackers to modify RAMFS customization objects via unspecified vectors as demonstrated by inserting XSS sequences or capturing credentials aka Bug ID CSCup36829.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa